Deserialization Vulnerability in NVIDIA RAPIDS Products
CVE-2024-0140

6.8 MEDIUM

Key Information:

Vendor: NVIDIA
CVE Published: 28 January 2025

Summary

NVIDIA RAPIDS contains a deserialization vulnerability in the cuDF and cuML components. The issue arises when untrusted data is deserialized, potentially allowing an attacker to execute arbitrary code, manipulate data, cause denial of service, or disclose sensitive information. Users should apply the necessary patches and follow security best practices to mitigate the risks associated with this vulnerability.

Affected Version(s)

RAPIDS cuDF and cuML (Linux): all versions prior to 24.12.00

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
