NVIDIA Releases Security Advisory Regarding Log4Shell Affected Products

December 23, 2021

NVIDIA has released a security advisory addressing multiple products vulnerable to the recently reported Log4Shell Vulnerability.

The affected products are multiple enterprise environment tools and components. No consumer-grade applications are known to be affected at this point.

Affected Products

  • CUDA Toolkit Nsight Eclipse Edition – Prior to version ‘11.0’.
  • DGX Systems – Only vulnerable if a user has installed Log4j individually.
  • NETQ – Versions ‘2.x’, ‘3.x’ and ‘4.0.x’.
  • VGPU Software License Server – Versions ‘2021.07’ and ‘2020.05 Update 1’.


To mitigate the risk of system compromise, CYREBRO recommends following the mitigation steps for relevant products as presented below:

  • CUDA Toolkit Nsight Eclipse Edition:
    • Update to an Nsight Eclipse Plugins Edition in CUDA Toolkit version ‘11.0’ or later.
  • DGX Systems:
    • If Log4j is installed on the system, check the version by running ‘$apt-cache policy liblog4j2-java’.
      The correct version should be:

      • For DGX OS 5: ‘liblog4j2-java 2.17.0-’
      • For DGX OS 4: ‘liblog4j2-java 2.10.0-2ubuntu0.1’
    • If the Log4j version is not updated, run:
      • ‘$sudo apt update’
      • ‘$sudo apt full-upgrade’.
    • If the Log4j version is up-to-date, or Log4j is not installed – There is no threat.
  • NETQ:
    • Upgrade on-premises telemetry servers to the 4.1.0 release by the following guide.
    • SaaS customers should upgrade OPTA servers to 4.1.0.
  • VGPU Software License Server:

Source: NVIDIA Security Advisory.

Sign Up for Updates