CVE-2024-0109

NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause a crash by passing in a malformed ELF file. A successful exploit of this vulnerability may cause an out of bounds read in the unprivileged process memory which could lead to a limited denial of service.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5564	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:*

History

18 Sep 2024, 15:18

Type	Values Removed	Values Added
CPE		cpe:2.3:a:nvidia:cuda_toolkit::::::::
First Time		Nvidia cuda Toolkit Nvidia
References	~~() https://nvidia.custhelp.com/app/answers/detail/a_id/5564 -~~	() https://nvidia.custhelp.com/app/answers/detail/a_id/5564 - Vendor Advisory

03 Sep 2024, 12:59

Type	Values Removed	Values Added
Summary		(es) NVIDIA CUDA Toolkit contiene una vulnerabilidad en el comando `cuobjdump` donde un usuario puede provocar un bloqueo al pasar un archivo ELF mal formado. Una explotación exitosa de esta vulnerabilidad puede provocar una lectura fuera de los límites en la memoria del proceso sin privilegios, lo que podría provocar una denegación de servicio limitada.

31 Aug 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-31 09:15

Updated : 2024-09-18 15:18

NVD link : CVE-2024-0109

Mitre link : CVE-2024-0109

CVE.ORG link : CVE-2024-0109

JSON object : View

Products Affected

nvidia

cuda_toolkit

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2024-0109", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2024-08-31T09:15:05.140", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5564", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}, {"type": "Secondary", "source": "psirt@nvidia.com", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause a crash by passing in a malformed ELF file. A successful exploit of this vulnerability may cause an out of bounds read in the unprivileged process memory which could lead to a limited denial of service."}, {"lang": "es", "value": "NVIDIA CUDA Toolkit contiene una vulnerabilidad en el comando `cuobjdump` donde un usuario puede provocar un bloqueo al pasar un archivo ELF mal formado. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar una lectura fuera de los l\u00edmites en la memoria del proceso sin privilegios, lo que podr\u00eda provocar una denegaci\u00f3n de servicio limitada."}], "lastModified": "2024-09-18T15:18:06.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D738AEA3-D35A-4153-922B-AB6882706662", "versionEndIncluding": "12.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@nvidia.com"}