3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
0.0004 Low
EPSS
Percentile
12.8%
NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to partial denial of service. To protect your system, download and install this software update from the CUDA Toolkit Downloads page.
Go to NVIDIA Product Security.
This section summarizes the potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors follow CVSS v3.1 standards.
CVE ID | Description | Base Score | Vector and CWE |
---|---|---|---|
CVE‑2023‑25523 | NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service. |
3.3 | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
CWE-476 |
The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.
The following table lists the software products and versions affected, and the updated version available from nvidia.com that includes this security update.
Download the update from the CUDA Toolkit Downloads page to apply the security update.
CVEs Addressed | Software Product | Operating System | Affected Versions | Updated Version |
---|---|---|---|---|
CVE‑2023‑25523 | NVIDIA CUDA Toolkit | Linux, Windows | All versions prior to CUDA Toolkit v12.2 | CUDA Toolkit v12.2 |
Notes
NVIDIA thanks the following people for reporting these issues:
CVE‑2023‑25523: Jifan Xiao
CPE | Name | Operator | Version |
---|---|---|---|
nvidia cuda toolkit | lt | 12.2 |