Lucene search

K
cveNvidiaCVE-2024-0072
HistoryApr 05, 2024 - 6:15 p.m.

CVE-2024-0072

2024-04-0518:15:08
CWE-476
nvidia
web.nvd.nist.gov
39
nvidia
cuda toolkit
vulnerability
cuobjdump
nvdisasm
crash
malformed elf file
denial of service

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

3.9

Confidence

High

EPSS

0

Percentile

9.0%

NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NVIDIA CUDA Toolkit",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to CUDA Toolkit v12.4"
      }
    ]
  }
]

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

3.9

Confidence

High

EPSS

0

Percentile

9.0%