NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted corrupted file and execute cuobjdump against it locally, which may lead to a limited denial of service and some loss of data integrity for the local user.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(169508);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/10");
script_cve_id("CVE-2022-34667");
script_xref(name:"IAVB", value:"2023-B-0002-S");
script_name(english:"NVIDIA CUDA Toolkit < 11.8 Buffer Overflow Vulnerability");
script_set_attribute(attribute:"synopsis", value:
"The version of NVIDIA CUDA Toolkit installed on the remote host is affected by a buffer overflow vulnerability.");
script_set_attribute(attribute:"description", value:
"NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged
remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted
corrupted file and execute cuobjdump against it locally, which may lead to a limited denial of service and some loss of
data integrity for the local user.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://nvidia.custhelp.com/app/answers/detail/a_id/5373");
script_set_attribute(attribute:"solution", value:
"Upgrade to NVIDIA CUDA Toolkit 11.8 or later.");
script_set_attribute(attribute:"agent", value:"windows");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-34667");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/05");
script_set_attribute(attribute:"patch_publication_date", value:"2022/10/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/04");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:nvidia:cuda_toolkit");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("nvidia_cuda_toolkit_win_installed.nbin");
script_require_keys("installed_sw/NVIDIA CUDA Toolkit");
exit(0);
}
include('vcf.inc');
var app_info = vcf::get_app_info(app:'NVIDIA CUDA Toolkit');
var constraints = [
{ 'fixed_version' : '11.8' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);
Vendor | Product | Version | CPE |
---|---|---|---|
nvidia | cuda_toolkit | cpe:/a:nvidia:cuda_toolkit |