NULL Pointer Dereference in NVIDIA CUDA Toolkit SDK for Linux and Windows
CVE-2023-25510

3.3LOW

Key Information:

Vendor: Nvidia
Status: Nvidia Cuda Toolkit
Vendor: CVE Published:; 22 April 2023

What is CVE-2023-25510?

A NULL pointer dereference vulnerability exists in the NVIDIA CUDA Toolkit SDK for both Linux and Windows platforms. This issue arises when a local user executes the cuobjdump tool against a specially crafted binary, which can lead to a limited denial of service. The malformed binaries can exploit this weakness, potentially affecting the availability of services relying on the CUDA Toolkit SDK.

Affected Version(s)

NVIDIA CUDA Toolkit All versions prior to 12.1 Update 1

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5456

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2023
Vulnerability Reserved
Feb 7, 2023

Nvidia

What is CVE-2023-25510?

Affected Version(s)

References

CVSS V3.1

Timeline