CUDA Toolkit cuobjdump ELF Crash Denial of Service Exploit
CVE-2024-0111 Published on August 31, 2024

NVIDIA CUDA Toolkit contains a vulnerability in command 'cuobjdump' where a user may cause a crash or produce incorrect output by passing a malformed ELF file. A successful exploit of this vulnerability may lead to a limited denial of service or data tampering.

NVD

Vulnerability Analysis

CVE-2024-0111 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
LOW
Availability Impact:
LOW

Weakness Type

Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.


Products Associated with CVE-2024-0111

Want to know whenever a new CVE is published for NVIDIA Cuda Toolkit? stack.watch will email you.

NVIDIA Cuda Toolkit
 

Affected Versions

NVIDIA CUDA Toolkit Version All versions up to and including CUDA Toolkit 12.6 is affected by CVE-2024-0111

Exploit Probability

EPSS
0.08%
Percentile
23.83%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.