CVE-2024-53870

Feb. 25, 2025, 9:15 p.m.

3.3
Low

Description

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service.

Product(s) Impacted

Product Versions
NVIDIA CUDA Toolkit
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5594

Tags

CWE-125
psirt@nvidia.com
2025-02-25
CVE-2024-53870

CVSS Score

3.3 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: LOW

    • CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

    View Vector String

Timeline

Published: Feb. 25, 2025, 9:15 p.m.
Last Modified: Feb. 25, 2025, 9:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@nvidia.com

Linked Attack Reports

Apache Under the Lens: Tomcat's Partial PUT and Camel's Header Hijack

In March 2025, Apache disclosed three critical vulnerabilities: CVE-2025-24813 in Apache Tomcat and CVE-2025-27636 and CVE-2025-29891 in Apache Camel. These flaws allow remote code execution, affecting millions of developers. The Tomcat vulnerability exploits partial PUT requests and session persis…
exploit
vulnerability
apache
remote code execution
CVE-2025-27636
CVE-2025-24813
CVE-2025-29891
2025-07-03
tomcat
Published: July 3, 2025
Linked vulnerabilities : CVE-2024-1182 (CVSS 7.0), CVE-2024-7587 (CVSS 7.8), CVE-2024-0012 (CVSS 9.8), CVE-2024-9474 (CVSS 7.2), CVE-2024-8299 (CVSS 7.8), CVE-2025-0282 (CVSS 9.0), CVE-2025-0283 (CVSS 7.0), CVE-2024-53870 (CVSS 3.3), CVE-2025-27636 (CVSS 5.6), CVE-2025-24813 (CVSS 9.8), CVE-2025-29891 (CVSS 4.2), CVE-2025-31324 (CVSS 10.0)
Downloadable IOCs: 23

Active Exploitation of Microsoft SharePoint Vulnerabilities

Unit 42 is tracking ongoing threat activity targeting on-premises Microsoft SharePoint servers, particularly within government, schools, healthcare, and large enterprises. Multiple vulnerabilities (CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, CVE-2025-53771) allow unauthenticated attackers to ac…
vulnerability
government
healthcare
exploitation
education
cve
CVE-2025-53770
CVE-2025-53771
2025-07-22
CVE-2025-49704
CVE-2025-49706
microsoft sharepoint
on-premises
Published: July 22, 2025
Linked vulnerabilities : CVE-2024-1182 (CVSS 7.0), CVE-2024-7587 (CVSS 7.8), CVE-2024-0012 (CVSS 9.8), CVE-2024-9474 (CVSS 7.2), CVE-2024-8299 (CVSS 7.8), CVE-2025-0282 (CVSS 9.0), CVE-2025-0283 (CVSS 7.0), CVE-2024-53870 (CVSS 3.3), CVE-2025-31324 (CVSS 10.0), CVE-2025-53770 (CVSS 9.8), CVE-2025-53771 (CVSS 7.1), CVE-2025-49704, CVE-2025-49706
Downloadable IOCs: 8

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.