CUDA Toolkit nvdisasm Improper Input Validation Allows DoS
CVE-2024-0123 Published on October 3, 2024

NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service.

NVD

Vulnerability Analysis

CVE-2024-0123 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
LOW

Weakness Type

Improper Validation of Specified Index, Position, or Offset in Input

The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.


Products Associated with CVE-2024-0123

Want to know whenever a new CVE is published for NVIDIA Cuda Toolkit? stack.watch will email you.

NVIDIA Cuda Toolkit
 

Affected Versions

NVIDIA CUDA Toolkit Version All versions up to and including CUDA Toolkit 12.6U1 is affected by CVE-2024-0123

Exploit Probability

EPSS
0.03%
Percentile
9.14%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.