Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvidiaNvidiaNVIDIA:5469
HistoryJun 29, 2023 - 12:00 a.m.

Security Bulletin: NVIDIA CUDA Toolkit - June 2023

2023-06-2900:00:00
nvidia.custhelp.com
7
nvidia
cuda toolkit
security update
partial denial of service
vulnerability
linux
windows
software
jifan xiao
cve-2023-25523
cwe-476
cvss v3.1

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

0.0004 Low

EPSS

Percentile

12.8%

JSON

NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to partial denial of service. To protect your system, download and install this software update from the CUDA Toolkit Downloads page.

Go to NVIDIA Product Security.

Details

This section summarizes the potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors follow CVSS v3.1 standards.

CVE ID Description Base Score Vector and CWE
CVE‑2023‑25523 NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service. 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CWE-476

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.

Security Updates

The following table lists the software products and versions affected, and the updated version available from nvidia.com that includes this security update.

Download the update from the CUDA Toolkit Downloads page to apply the security update.

CVEs Addressed Software Product Operating System Affected Versions Updated Version
CVE‑2023‑25523 NVIDIA CUDA Toolkit Linux, Windows All versions prior to CUDA Toolkit v12.2 CUDA Toolkit v12.2

Notes

  • Earlier software releases of this product are also affected. If you are using an earlier release, upgrade to the latest release version.

Acknowledgements

NVIDIA thanks the following people for reporting these issues:

CVE‑2023‑25523: Jifan Xiao

CPENameOperatorVersion
nvidia cuda toolkitlt12.2

Related

cvelist 1
nessus 1
debiancve 1
cve 1
ubuntucve 1
osv 1
prion 1
nvd 1
cvelist
cvelist
CVE-2023-25523
2023-07-03 23:27:59
nessus
nessus
NVIDIA CUDA Toolkit < 12.2 DoS
2023-07-06 00:00:00
debiancve
debiancve
CVE-2023-25523
2023-07-04 00:15:09
cve
cve
CVE-2023-25523
2023-07-04 00:15:09
ubuntucve
ubuntucve
CVE-2023-25523
2023-07-04 00:00:00
osv
osv
CVE-2023-25523
2023-07-04 00:15:09
prion
prion
Null pointer dereference
2023-07-04 00:15:00
nvd
nvd
CVE-2023-25523
2023-07-04 00:15:09

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

0.0004 Low

EPSS

Percentile

12.8%

JSON
Related for NVIDIA:5469
cvelist1nessus1debiancve1cve1ubuntucve1osv1prion1nvd1