cbcvebase.
CVE-2023-25514
published 2023-04-22

CVE-2023-25514: NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into…

medium6.6CVSS 3.1
AVLACLPRNUIRSUCLIHAL
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure.

Affected

3 ranges
VendorProductVersion rangeFixed in
debiannvidia-cuda-toolkit< nvidia-cuda-toolkit 12.1.1-1 (forky)nvidia-cuda-toolkit 12.1.1-1 (forky)
nvidiacuda_toolkit< 12.1.112.1.1
nvidianvidia_cuda_toolkit

CVSS provenance

nvdv3.16.6MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
osv6.6MEDIUM