Products
NVIDIA CUDA toolkit
Source
psirt@nvidia.com
Tags
CVE-2024-0123 details
Published : Oct. 3, 2024, 5:15 p.m.
Last Modified : Oct. 3, 2024, 5:15 p.m.
Last Modified : Oct. 3, 2024, 5:15 p.m.
Description
NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service.
CVSS Score
| 1 | 2 | 3.3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-1285 | Improper Validation of Specified Index, Position, or Offset in Input | The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
Base Score
3.3
Exploitability Score
1.8
Impact Score
1.4
Base Severity
LOW
Vector String : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
References
| URL | Source |
|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5577 | psirt@nvidia.com |
This website uses the NVD API, but is not approved or certified by it.