Lucene search

[email protected]CVE-2022-21821

HistoryMar 29, 2022 - 8:15 p.m.

CVE-2022-21821

2022-03-2920:15:07

CWE-1285

CWE-190

[email protected]

web.nvd.nist.gov

137

nvidia

cuda toolkit

sdk

integer overflow

cuobjdump

remote code execution

denial of service

data confidentiality

data integrity

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.6%

JSON

NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. Such an attack may lead to remote code execution that causes complete denial of service and an impact on data confidentiality and integrity.

Affected configurations

NVD

Node

nvidiacuda_toolkitRange<11.6.2

AND

linuxlinux_kernelMatch-

microsoftwindowsMatch-

CPENameOperatorVersion
nvidia:cuda_toolkitnvidia cuda toolkitlt11.6.2

CPE	Name	Operator	Version
nvidia:cuda_toolkit	nvidia cuda toolkit	lt	11.6.2

CNA Affected

[
  {
    "product": "NVIDIA CUDA Toolkit",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to 11.6 Update 2"
      }
    ]
  }
]