CUDA Toolkit Vulnerability Could Lead to Code Execution or Denial of Service
CVE-2024-0110

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Cuda Toolkit
Vendor: CVE Published:; 31 August 2024

Summary

The NVIDIA CUDA Toolkit exhibits a vulnerability within the cuobjdump command, specifically when it processes malformed ELF (Executable and Linkable Format) files. This flaw enables users to inadvertently induce an out-of-bound write situation. If exploited, this vulnerability could allow unauthorized code execution or lead to denial of service, impacting system stability and security. Users of the NVIDIA CUDA Toolkit should review their use of the cuobjdump command and take measures to validate input files to mitigate potential risks.

Affected Version(s)

CUDA Toolkit Windows All versions up to and including CUDA Toolkit 12.6

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5564

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 31, 2024
Vulnerability Reserved
Dec 2, 2023