Multiple vulnerabilities in NVIDIA CUDA Toolkit



Risk Medium
Patch available YES
Number of vulnerabilities 9
CVE-ID CVE-2024-53870
CVE-2024-53871
CVE-2024-53872
CVE-2024-53874
CVE-2024-53875
CVE-2024-53876
CVE-2024-53877
CVE-2024-53878
CVE-2024-53879
CWE-ID CWE-125
CWE-476
CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
CUDA Toolkit
Universal components / Libraries / Software for developers

Vendor nVidia

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU104208

Risk: Medium

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-53870

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the cuobjdump binary. A remote attacker can create a specially crafted ELF file, trick the victim into opening it, trigger an out-of-bounds read error and cause a denial of service condition on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

CUDA Toolkit: 12.0.0 - 12.6.68

CPE2.3 External links

https://nvidia.custhelp.com/app/answers/detail/a_id/5594


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU104209

Risk: Medium

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-53871

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the nvdisasm binary. A remote attacker can create a specially crafted ELF file, trick the victim into opening it, trigger an out-of-bounds read error and cause a denial of service condition on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

CUDA Toolkit: 12.0.0 - 12.6.68

CPE2.3 External links

https://nvidia.custhelp.com/app/answers/detail/a_id/5594


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU104210

Risk: Medium

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-53872

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the cuobjdump binary. A remote attacker can create a specially crafted ELF file, trick the victim into opening it, trigger an out-of-bounds read error and cause a denial of service condition on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

CUDA Toolkit: 12.0.0 - 12.6.68

CPE2.3 External links

https://nvidia.custhelp.com/app/answers/detail/a_id/5594


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU104216

Risk: Medium

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-53874

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the cuobjdump binary. A remote attacker can create a specially crafted ELF file, trick the victim into opening it, trigger an out-of-bounds read error and cause a denial of service condition on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

CUDA Toolkit: 12.0.0 - 12.6.68

CPE2.3 External links

https://nvidia.custhelp.com/app/answers/detail/a_id/5594


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU104217

Risk: Medium

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-53875

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the cuobjdump binary. A remote attacker can create a specially crafted ELF file, trick the victim into opening it, trigger an out-of-bounds read error and cause a denial of service condition on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

CUDA Toolkit: 12.0.0 - 12.6.68

CPE2.3 External links

https://nvidia.custhelp.com/app/answers/detail/a_id/5594


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU104218

Risk: Medium

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-53876

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the nvdisasm binary. A remote attacker can create a specially crafted ELF file, trick the victim into opening it, trigger an out-of-bounds read error and cause a denial of service condition on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

CUDA Toolkit: 12.0.0 - 12.6.68

CPE2.3 External links

https://nvidia.custhelp.com/app/answers/detail/a_id/5594


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) NULL pointer dereference

EUVDB-ID: #VU104219

Risk: Medium

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-53877

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the nvdisasm binary. A remote attacker can trick a victim to open a specially crafted ELF file and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

CUDA Toolkit: 12.0.0 - 12.6.68

CPE2.3 External links

https://nvidia.custhelp.com/app/answers/detail/a_id/5594


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU104220

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53878

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the cuobjdump binary. A remote user can trick a victim to open a specially crafted ELF file and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

CUDA Toolkit: 12.0.0 - 12.6.68

CPE2.3 External links

https://nvidia.custhelp.com/app/answers/detail/a_id/5594


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU104221

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53879

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the cuobjdump binary. A remote user can trick a victim to open a specially crafted ELF file and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

CUDA Toolkit: 12.0.0 - 12.6.68

CPE2.3 External links

https://nvidia.custhelp.com/app/answers/detail/a_id/5594


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###