CVE-2024-0109

NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause a crash by passing in a malformed ELF file. A successful exploit of this vulnerability may cause an out of bounds read in the unprivileged process memory which could lead to a limited denial of service.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5564	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-08-31 09:15

Updated : 2024-09-18 15:18

NVD link : CVE-2024-0109

Mitre link : CVE-2024-0109

CVE.ORG link : CVE-2024-0109

JSON object : View

Products Affected

nvidia

cuda_toolkit

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2024-0109", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2024-08-31T09:15:05.140", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5564", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@nvidia.com", "description": [{"lang": "en", "value": "CWE-125"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause a crash by passing in a malformed ELF file. A successful exploit of this vulnerability may cause an out of bounds read in the unprivileged process memory which could lead to a limited denial of service."}, {"lang": "es", "value": "NVIDIA CUDA Toolkit contiene una vulnerabilidad en el comando `cuobjdump` donde un usuario puede provocar un bloqueo al pasar un archivo ELF mal formado. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar una lectura fuera de los l\u00edmites en la memoria del proceso sin privilegios, lo que podr\u00eda provocar una denegaci\u00f3n de servicio limitada."}], "lastModified": "2024-09-18T15:18:06.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D738AEA3-D35A-4153-922B-AB6882706662", "versionEndIncluding": "12.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@nvidia.com"}