CVE-2024-0109

2024-08-3109:15:05

CWE-125

nvidia

web.nvd.nist.gov

nvidia

cuda toolkit

cuobjdump

elf file

out of bounds read

denial of service

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

6.8

Confidence

High

EPSS

Percentile

13.5%

JSON

NVIDIA CUDA Toolkit contains a vulnerability in command cuobjdump where a user may cause a crash by passing in a malformed ELF file. A successful exploit of this vulnerability may cause an out of bounds read in the unprivileged process memory which could lead to a limited denial of service.

Affected configurations

Nvd

Node

nvidiacuda_toolkitRange≤12.6.0

VendorProductVersionCPE
nvidiacuda_toolkit*cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nvidia	cuda_toolkit	*	cpe:2.3:a:nvidia:cuda_toolkit::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "Linux"
    ],
    "product": "NVIDIA CUDA Toolkit",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All versions up to and including CUDA Toolkit 12.6"
      }
    ]
  }
]