Products
NVIDIA CUDA Toolkit
Source
psirt@nvidia.com
Tags
CVE-2024-0111 details
Published : Aug. 31, 2024, 9:15 a.m.
Last Modified : Aug. 31, 2024, 9:15 a.m.
Last Modified : Aug. 31, 2024, 9:15 a.m.
Description
NVIDIA CUDA Toolkit contains a vulnerability in command 'cuobjdump' where a user may cause a crash or produce incorrect output by passing a malformed ELF file. A successful exploit of this vulnerability may lead to a limited denial of service or data tampering.
CVSS Score
| 1 | 2 | 3 | 4.4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-1284 | Improper Validation of Specified Quantity in Input | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
Base Score
4.4
Exploitability Score
1.8
Impact Score
2.5
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
References
| URL | Source |
|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5564 | psirt@nvidia.com |
This website uses the NVD API, but is not approved or certified by it.