CVE-2024-0123Improper Validation of Specified Index, Position, or Offset in Input in Nvidia Cuda Toolkit

CWE-1285Improper Validation of Specified Index, Position, or Offset in Input7 documents7 sources
Severity
3.3LOWNVD
EPSS
0.0%
top 90.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nvidia Cuda Toolkit
Timeline
PublishedOct 3

Description

NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5nvidia/cuda_toolkitAll versions up to and including CUDA Toolkit 12.6U1

🔴Vulnerability Details

3
CVEList
CVE-2024-0123: NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validatio2024-10-03
GHSA
GHSA-ff23-px5j-g8qq: NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validatio2024-10-03
OSV
CVE-2024-0123: NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validatio2024-10-03

💥Exploits & PoCs

1
Exploit-DB
GL-iNet MT6000 4.5.5 - Arbitrary File Download2024-04-02

📋Vendor Advisories

2
Red Hat
NVIDIA CUDA Toolkit: improper input validation may lead to DoS2024-10-03
Debian
CVE-2024-0123: nvidia-cuda-toolkit - NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisa...2024
CVE-2024-0123 — Nvidia Cuda Toolkit vulnerability | cvebase