Impact
A use‑after‑free flaw exists in NVIDIA Triton Inference Server for Linux that allows an attacker to trigger memory corruption by sending the vulnerability is successfully exploited, the affected process can crash or become unresponsive, thereby denying legitimate users access to the inference service. The weakness aligns with CWE‑416, where a deallocated memory region is accessed after it has been freed.
Affected Systems
The vulnerability targets NVIDIA Triton Inference Server running on Linux. No version specifics are provided, so all current deployments may be susceptible until a patched release is applied.
Risk and Exploitability
The CVSS score of 5.9 indicates moderate severity. EPSS is not available, and the flaw is not listed in CISA’s KEV catalog, suggesting limited public exploitation data. The likely attack vector involves remote delivery of malformed inference requests, requiring network reachability to the Triton endpoint; the exact conditions are not disclosed, so the exploit risk is inferred from the nature of use‑after‑free attacks in similar contexts.
OpenCVE Enrichment