Out-of-Bounds Read Vulnerability in NVIDIA CUDA Toolkit
CVE-2025-23271
What is CVE-2025-23271?
CVE-2025-23271 is a security vulnerability found in the NVIDIA CUDA Toolkit, specifically within the nvdisasm binary component. The CUDA Toolkit is widely used for GPU computing, enabling developers to harness the power of NVIDIA GPUs for applications across various domains, including machine learning, scientific computing, and graphics rendering. This vulnerability arises from an out-of-bounds read condition, which can be triggered by providing a malformed Executable and Linkable Format (ELF) file as input to the nvdisasm tool. If exploited, this flaw could lead to a partial denial of service, causing disruptions in application performance and potentially affecting user experience within organizations relying on the CUDA Toolkit for critical computational tasks.
Potential impact of CVE-2025-23271
-
Partial Denial of Service: Exploitation of this vulnerability may result in a partial denial of service, where applications leveraging the CUDA Toolkit experience performance degradation or application crashes, thereby interrupting workflows and productivity.
-
Data Corruption Risks: Maliciously crafted ELF files not only disrupt service but also increase the risk of data corruption, leading to potential loss of valuable data processed during GPU computations, which can have cascading impacts on project timelines and outcomes.
-
Increased Attack Surface: Organizations utilizing the CUDA Toolkit may face higher exposure to threat actors who could leverage this vulnerability as an entry point for further attacks, making it crucial to address this security issue promptly to safeguard the integrity and security of their computational environments.
Affected Version(s)
NVIDIA CUDA Toolkit Windows All versions prior to CUDA Toolkit 13.0