CVE-2022-21821

CWE-1285CWE-190Integer Overflow5 documents5 sources
Severity
7.8HIGH
EPSS
0.5%
top 35.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia Cuda ToolkitNvidia Nvidia Cuda Toolkit
Timeline
PublishedMar 29
Latest updateMar 30

Description

NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. Such an attack may lead to remote code execution that causes complete denial of service and an impact on data confidentiality and integrity.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDnvidia/cuda_toolkit< 11.6.2
Debiannvidia-cuda-toolkit< 11.6.2-2+2
CVEListV5nvidia/nvidia_cuda_toolkitAll versions prior to 11.6 Update 2

🔴Vulnerability Details

3
GHSA
GHSA-gj57-j72r-r89g: NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump2022-03-30
OSV
CVE-2022-21821: NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump2022-03-29
CVEList
CVE-2022-21821: NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump2022-03-29

📋Vendor Advisories

1
Debian
CVE-2022-21821: nvidia-cuda-toolkit - NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump....2022
CVE-2022-21821 (HIGH CVSS 7.8) | NVIDIA CUDA Toolkit SDK contains an | cvebase.io