Security Bulletin: NVIDIA CUDA Toolkit - July 2024

2024-07-1100:00:00

nvidia.custhelp.com

nvidia

security update

cuda toolkit

vulnerability

nvdisasm

denial of service

update

12.6

windows

linux

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

13.4%

JSON

NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. To protect your system, download and install this software update from the CUDA Toolkit Downloads page.

Go to NVIDIA Product Security.

Details

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.

CVE ID	Description	Vector	Base Score	Severity	CWE	Impacts
CVE-2024-0102	NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can cause an out-of-bounds read issue by deceiving a user into reading a malformed ELF file. A successful exploit of this vulnerability might lead to denial of service.	AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L	3.3	Low	CWE‑125	Denial of service

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.