CVE-2024-0109

2024-08-3108:24:39

CWE-125

nvidia

www.cve.org

nvidia

cuda toolkit

cuobjdump

vulnerability

elf file

denial of service

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

EPSS

Percentile

13.5%

JSON

NVIDIA CUDA Toolkit contains a vulnerability in command cuobjdump where a user may cause a crash by passing in a malformed ELF file. A successful exploit of this vulnerability may cause an out of bounds read in the unprivileged process memory which could lead to a limited denial of service.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "Linux"
    ],
    "product": "NVIDIA CUDA Toolkit",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All versions up to and including CUDA Toolkit 12.6"
      }
    ]
  }
]