Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 9 |
CVE-ID | CVE-2024-53870 CVE-2024-53871 CVE-2024-53872 CVE-2024-53874 CVE-2024-53875 CVE-2024-53876 CVE-2024-53877 CVE-2024-53878 CVE-2024-53879 |
CWE-ID | CWE-125 CWE-476 CWE-20 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
CUDA Toolkit Universal components / Libraries / Software for developers |
Vendor | nVidia |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
EUVDB-ID: #VU104208
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-53870
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the cuobjdump binary. A remote attacker can create a specially crafted ELF file, trick the victim into opening it, trigger an out-of-bounds read error and cause a denial of service condition on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCUDA Toolkit: 12.0.0 - 12.6.68
CPE2.3https://nvidia.custhelp.com/app/answers/detail/a_id/5594
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104209
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-53871
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the nvdisasm binary. A remote attacker can create a specially crafted ELF file, trick the victim into opening it, trigger an out-of-bounds read error and cause a denial of service condition on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCUDA Toolkit: 12.0.0 - 12.6.68
CPE2.3https://nvidia.custhelp.com/app/answers/detail/a_id/5594
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104210
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-53872
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the cuobjdump binary. A remote attacker can create a specially crafted ELF file, trick the victim into opening it, trigger an out-of-bounds read error and cause a denial of service condition on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCUDA Toolkit: 12.0.0 - 12.6.68
CPE2.3https://nvidia.custhelp.com/app/answers/detail/a_id/5594
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104216
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-53874
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the cuobjdump binary. A remote attacker can create a specially crafted ELF file, trick the victim into opening it, trigger an out-of-bounds read error and cause a denial of service condition on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCUDA Toolkit: 12.0.0 - 12.6.68
CPE2.3https://nvidia.custhelp.com/app/answers/detail/a_id/5594
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104217
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-53875
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the cuobjdump binary. A remote attacker can create a specially crafted ELF file, trick the victim into opening it, trigger an out-of-bounds read error and cause a denial of service condition on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCUDA Toolkit: 12.0.0 - 12.6.68
CPE2.3https://nvidia.custhelp.com/app/answers/detail/a_id/5594
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104218
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-53876
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the nvdisasm binary. A remote attacker can create a specially crafted ELF file, trick the victim into opening it, trigger an out-of-bounds read error and cause a denial of service condition on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCUDA Toolkit: 12.0.0 - 12.6.68
CPE2.3https://nvidia.custhelp.com/app/answers/detail/a_id/5594
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104219
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-53877
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the nvdisasm binary. A remote attacker can trick a victim to open a specially crafted ELF file and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCUDA Toolkit: 12.0.0 - 12.6.68
CPE2.3https://nvidia.custhelp.com/app/answers/detail/a_id/5594
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104220
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53878
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cuobjdump binary. A remote user can trick a victim to open a specially crafted ELF file and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCUDA Toolkit: 12.0.0 - 12.6.68
CPE2.3https://nvidia.custhelp.com/app/answers/detail/a_id/5594
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104221
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53879
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the cuobjdump binary. A remote user can trick a victim to open a specially crafted ELF file and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCUDA Toolkit: 12.0.0 - 12.6.68
CPE2.3https://nvidia.custhelp.com/app/answers/detail/a_id/5594
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.