CVE Daily
← All tags

Tag: nvm

All CVEs associated with "nvm". Page 1/1 • 19 CVEs.

About “nvm”

A curated feed of “nvm”-related CVEs appears below. We currently track 19 CVEs for this tag (all time). In the last 365 days, 8 were published. Average CVSS is 6.2 (all time; 5.8 over 365d), and 21% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-415 - Double Free, CWE-782 - Exposed IOCTL with Insufficient Access Control, CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: nvm

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestEOLLTS
0.400.40.4-
0.390.39.7 Expired
0.380.38.0 Expired
0.370.37.2 Expired
0.360.36.0 Expired
0.350.35.3 Expired
0.340.34.0 Expired
0.330.33.11 Expired
0.320.32.1 Expired
0.310.31.7 Expired
0.300.30.2 Expired
0.290.29.0 Expired
0.280.28.0 Expired
0.270.27.1 Expired
0.260.26.1 Expired
0.250.25.4 Expired
0.240.24.2 Expired
0.230.23.3 Expired
0.220.22.2 Expired
0.210.21.0 Expired
0.200.20.0 Expired
0.190.19.0 Expired
0.180.18.0 Expired
0.170.17.3 Expired
0.160.16.1 Expired
0.150.15.0 Expired
0.140.14.0 Expired
0.130.13.1 Expired
0.120.12.2 Expired
0.110.11.2 Expired
0.100.10.0 Expired
0.90.9.0 Expired
0.80.8.0 Expired
0.70.7.0 Expired
0.60.6.1 Expired
0.50.5.1 Expired
0.40.4.0 Expired
0.30.3.0 Expired
0.20.2.0 Expired
0.10.1.0 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “nvm”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-02-14
High

CVE-2026-23162

In the Linux kernel, the following vulnerability has been resolved: drm/xe/nvm: Fix double-free on aux add failure After a successful auxiliary_device_init(), aux_dev->dev.release (xe_nvm_release_d…

CVSS: 7.8 CWE: CWE-415 - Double Free View on NVD
2026-02-10
Medium

CVE-2025-27535

Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before version NVM ver. 3.84 within Ring 0: Bare Metal OS may allow a denial of service. S…

CVSS: 5.3 CWE: CWE-782 - Exposed IOCTL with Insufficient Access Control View on NVD
2026-01-29
Medium

CVE-2026-1665

A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download() function uses eval to execute wget commands, and the NVM_AUTH_HEADER environment v…

CVSS: 5.4 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2025-12-24
Unknown

CVE-2022-50723

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: fix memory leak in bnxt_nvm_test() Free the kzalloc'ed buffer before returning in the success path.

CVSS: N/A CWE: N/A View on NVD
2025-12-16
Unknown

CVE-2025-68215

In the Linux kernel, the following vulnerability has been resolved: ice: fix PTP cleanup on driver removal in error path Improve the cleanup on releasing PTP resources in error path. The error case…

CVSS: N/A CWE: N/A View on NVD
2025-10-04
Medium

CVE-2022-50503

In the Linux kernel, the following vulnerability has been resolved: mtd: lpddr2_nvm: Fix possible null-ptr-deref It will cause null-ptr-deref when resource_size(add_range) invoked, if platform_get_…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2025-10-01
Medium

CVE-2023-53509

In the Linux kernel, the following vulnerability has been resolved: qed: allow sleep in qed_mcp_trace_dump() By default, qed_mcp_cmd_and_union() delays 10us at a time in a loop that can run 500K ti…

CVSS: 5.5 CWE: N/A View on NVD
2025-07-25
Medium

CVE-2025-38397

In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: fix suspicious RCU usage warning When I run the NVME over TCP test in virtme-ng, I get the following "suspicious…

CVSS: 5.5 CWE: N/A View on NVD
2025-05-13
Medium

CVE-2025-20629

Insecure inherited permissions in the NVM Update Utility for some Intel(R) Ethernet Network Adapter E810 Series before version 4.60 may allow an authenticated user to potentially enable escalation of…

CVSS: 6.7 CWE: CWE-277 - Insecure Inherited Permissions View on NVD
2025-05-02
Medium

CVE-2023-53114

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix kernel crash during reboot when adapter is in recovery mode If the driver detects during probe that firmware is in reco…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2024-09-13
Medium

CVE-2024-46702

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Mark XDomain as unplugged when router is removed I noticed that when we do discrete host router NVM upgrade and it g…

CVSS: 5.5 CWE: N/A View on NVD
2024-08-22
Medium

CVE-2022-48918

In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: check debugfs_dir ptr before use When "debugfs=off" is used on the kernel command line, iwiwifi's mvm module uses a…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2024-06-06
Medium

CVE-2024-4013

A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved…

CVSS: 5.6 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
2024-05-16
Medium

CVE-2024-4760

A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug…

CVSS: 6.3 CWE: CWE-1247 - Improper Protection Against Voltage and Clock Glitches View on NVD
2024-03-02
High

CVE-2023-52531

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix a memory corruption issue A few lines above, space is kzalloc()'ed for: sizeof(struct iwl_nvm_data) + s…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2023-11-21
Medium

CVE-2023-6238

A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory…

CVSS: 6.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2022-08-25
High

CVE-2021-3929

A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function…

CVSS: 8.2 CWE: CWE-416 - Use After Free View on NVD
2018-11-02
High

CVE-2018-16847

An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to cras…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2015-07-16
Medium

CVE-2015-2614

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to NVM Express SSD driver.

CVSS: 4.9 CWE: N/A View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox