Out-of-Bounds Read Vulnerability in NVIDIA CUDA Toolkit SDK
CVE-2023-0193

4.4MEDIUM

Key Information:

Vendor: NVIDIA
Status: NVIDIA CUDA Toolkit
Vendor: CVE Published:; 10 March 2023

Summary

The NVIDIA CUDA Toolkit SDK features a vulnerability within the cuobjdump tool that allows a local user to execute the tool against a malicious binary. This exploitation could trigger an out-of-bounds read, leading to a limited denial of service and the potential for limited information disclosure, posing risks for system security. It is essential for users of the CUDA Toolkit SDK to be aware of this vulnerability and adopt appropriate measures to mitigate associated risks.

Affected Version(s)

NVIDIA CUDA Toolkit Windows All versions prior to 12.1

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5446

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 10, 2023
Vulnerability Reserved
Jan 11, 2023