CVE-2025-23308

CWE-122Heap-based Buffer OverflowCWE-416Use After Free6 documents6 sources
Severity
7.8HIGH
EPSS
0.0%
top 97.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia Cuda ToolkitNvidia Nvidia Cuda Toolkit
Timeline
PublishedSep 24

Description

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the user to run nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running nvdisasm.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

NVDnvidia/cuda_toolkit< 13.0.0
CVEListV5nvidia/nvidia_cuda_toolkitAll versions prior to CUDA Toolkit 13.0

🔴Vulnerability Details

3
OSV
CVE-2025-23308: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the use2025-09-24
GHSA
GHSA-cjjp-vvw5-q784: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the use2025-09-24
CVEList
CVE-2025-23308: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the use2025-09-24

📋Vendor Advisories

2
Debian
CVE-2025-23308: nvidia-cuda-toolkit - NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where...2025
Microsoft
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.2022-02-08
CVE-2025-23308 (HIGH CVSS 7.8) | NVIDIA CUDA Toolkit for all platfor | cvebase.io