NVIDIA recently released an advisory in which it verifies Log4J flaws in a few of its solutions which hinders its operations. According to the advisory Nsight Eclipse Edition and CUDA Toolkit Visual Profiler, DGX Systems Inc, NetQ, and vGPU Software License Server are greatly impacted by these flaws.
NVIDIA has also evaluated its other products to see if they are susceptible to the Log4shell sensitivity in the Log4J library and discovered no Log4j flaws in Client software for GeForce Experience, GPU Display Drivers for Windows, L4T Jetson Products, GeForceNOW Client Software, andSHIELD TELEVISION.
NVIDIA also notified clients that the CUDA Toolkit Visual Profiler contains Log4j files, and yet the application does not employ the library. According to the advisory, “CUDA Toolkit includes Log4j.
Even so, it is not being adopted, and users who have the Log4j files are not vulnerable. Because they are no longer in use, a notification to delete the Log4j files from CUDA Toolkit is being created. Worried clients can safely remove the files as a precaution. As shown in the advisory, DGX systems are not affected by susceptibility by default because DGX OS versions did not involve Log4j.
Users can, though, switch from defective libraries to supplementary software. Users are advised to update their installations to the most latest version of the library; another option is to delete it. NVIDIA is also looking into the influence of Log4J weaknesses in its further services.