CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
AI Score
Confidence
High
EPSS
Percentile
9.5%
NVIDIA has released a software update for NVIDIA® CV-CUDA®. To protect your system, download and install this software update from the Releases tab on the CV-CUDA Github page.
Go to NVIDIA Product Security.
This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.
CVE ID | Description | Vector | Base Score | Severity | CWE | Impacts |
---|---|---|---|---|---|---|
CVE-2024-0115 | NVIDIA CV-CUDA for Ubuntu 20.04, Ubuntu 22.04, and Jetpack contains a vulnerability in Python APIs where a user may cause an uncontrolled resource consumption issue by a long running CV-CUDA Python process. A successful exploit of this vulnerability may lead to denial of service and data loss. | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H | 6.1 | Medium | CWE‑400 | Denial of service, data loss |
The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.
The following table lists the NVIDIA products affected, versions affected, and the updated version that includes this security update. Download the update from the Releases tab on the CV-CUDA Github page to apply the security update.
CVE IDs Addressed | Affected Products | Platform or OS | Affected Versions | Updated Version |
---|
CVE‑2024-0115
| NVIDIA CV-CUDA | Ubuntu 20.04, Ubuntu 22.04, Jetpack | v0.1.x - v0.9.x | v0.10.0