CVE-2024-0124Use After Free in Nvidia Cuda Toolkit

CWE-416Use After Free6 documents6 sources
Severity
3.3LOWNVD
EPSS
0.1%
top 79.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nvidia Cuda Toolkit
Timeline
PublishedOct 3

Description

NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause nvdisasm to read freed memory by running it on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

NVDnvidia/cuda_toolkit< 12.6.2
CVEListV5nvidia/cuda_toolkitAll versions up to and including CUDA Toolkit 12.6U1

🔴Vulnerability Details

3
OSV
CVE-2024-0124: NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause nvdisasm to read freed mem2024-10-03
GHSA
GHSA-2f42-mj3m-xhvx: NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause nvdisasm to read freed mem2024-10-03
CVEList
CVE-2024-0124: NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause nvdisasm to read freed mem2024-10-03

📋Vendor Advisories

2
Red Hat
NVIDIA CUDA Toolkit: use after free may lead to DoS2024-10-03
Debian
CVE-2024-0124: nvidia-cuda-toolkit - NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisa...2024
CVE-2024-0124 — Use After Free in Nvidia Cuda Toolkit | cvebase