NvidiaNVIDIA:5446Security Bulletin: NVIDIA CUDA Toolkit - March 2023
4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
0.0004 Low
EPSS
Percentile
5.1%
NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to denial of service or information disclosure.
To protect your system, download and install this software update from the CUDA Toolkit Downloads page.
Go to NVIDIA Product Security.
Details
This section summarizes the potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors follow CVSS v3.1 standards.
| CVE ID | Description | Base Score | Vector/CWE |
|---|---|---|---|
| CVE‑2023‑0193 | NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure. |
4.4 | AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L |
| CWE-125 | |||
| CVE‑2023‑0196 | NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local user running the tool against an ill-formed binary may cause a null- pointer dereference, which may result in a limited denial of service. |
3.3 | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
| CWE-476 |
The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.
Security Updates
The following table lists the software products and versions affected, and the updated version available from nvidia.com that includes this security update.
Download the update from the CUDA Toolkit Downloads page to apply the security update.
| CVEs Addressed | Software Product | Operating System | Affected Versions | Updated Version |
|---|---|---|---|---|
| CVE‑2023‑0193 | ||||
| CVE‑2023‑0196 | NVIDIA CUDA Toolkit | Linux | All versions prior to 12.1 | 12.1 |
| Windows | All versions prior to 12.1 | 12.1 |
Notes
- Earlier software releases of this product are also affected. If you are using an earlier release, upgrade to the latest release version.
Acknowledgements
CVE‑2023‑0193: NVIDIA thanks r3pwnx (@r3pwnx) of 360AIVul for reporting this issue.
CVE‑2023‑0196: NVIDIA thanks hjy79425575 for reporting this issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nvidia cuda toolkit | lt | 12.1 |
Related
4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
0.0004 Low
EPSS
Percentile
5.1%