Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvidiaNvidiaNVIDIA:5373
HistoryOct 07, 2022 - 12:00 a.m.

Security Bulletin: NVIDIA CUDA Toolkit - October 2022

2022-10-0700:00:00
nvidia.custhelp.com
8
nvidia cuda toolkit
buffer overflow
denial of service
data integrity
security update
nvidia product security

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

0.001 Low

EPSS

Percentile

31.8%

JSON

NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to code execution, denial of service, or information disclosure.

To protect your system, download and install this software update from the CUDA Toolkit Downloads page.

Go to NVIDIA Product Security.

Details

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.

CVE ID Description Base Score Vector
CVE‑2022‑34667 NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted corrupted file and execute cuobjdump against it locally, which may lead to a limited denial of service and some loss of data integrity for the local user. 4.4 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.

Security Updates

The following table lists the NVIDIA software products affected, versions affected, and the updated version that includes this security update.

Download the update from the CUDA Toolkit Downloads page to apply the security update.

CVE IDs Addressed Software Product Operating System Affected Versions Updated Version
CVE‑2022‑34667 NVIDIA CUDA Toolkit Linux and Windows All versions prior to 11.8 11.8

Notes

  • Earlier software releases of this product are also affected. If you are using an earlier release, upgrade to the latest release.

Acknowledgements

CVE‑2022‑34667: NVIDIA thanks hjy79425575 for reporting this issue.

CPENameOperatorVersion
nvidia cuda toolkitlt11.8

Related

cvelist 1
cve 1
nvd 1
nessus 1
debiancve 1
veracode 1
ubuntucve 1
prion 1
cvelist
cvelist
CVE-2022-34667
2022-11-18 00:00:00
cve
cve
CVE-2022-34667
2022-11-19 00:15:29
nvd
nvd
CVE-2022-34667
2022-11-19 00:15:29
nessus
nessus
NVIDIA CUDA Toolkit < 11.8 Buffer Overflow Vulnerability
2023-01-04 00:00:00
debiancve
debiancve
CVE-2022-34667
2022-11-19 00:15:29
veracode
veracode
Stack-Based Buffer Overflow
2023-03-10 20:40:31
ubuntucve
ubuntucve
CVE-2022-34667
2022-11-19 00:00:00
prion
prion
Stack overflow
2022-11-19 00:15:00

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

0.001 Low

EPSS

Percentile

31.8%

JSON
Related for NVIDIA:5373
cvelist1cve1nvd1nessus1debiancve1veracode1ubuntucve1prion1