Out-of-Bounds Read Vulnerability in NVIDIA CUDA Toolkit for Linux and Windows
CVE-2023-25514

6.6MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvidia Cuda Toolkit
Vendor: CVE Published:; 22 April 2023

Summary

The NVIDIA CUDA Toolkit for Linux and Windows is susceptible to an out-of-bounds read vulnerability found in the cuobjdump component. Attackers could exploit this vulnerability by enticing a user into executing cuobjdump with a specially crafted malformed input file. This exploitation could allow for limited denial of service, potential code execution, and restricted information disclosure, thereby putting systems at risk. Users are advised to review and apply necessary security measures.

Affected Version(s)

NVIDIA CUDA Toolkit All versions prior to 12.1 Update 1

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5456

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2023
Vulnerability Reserved
Feb 7, 2023