CVE-2024-0102

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can cause an out-of-bounds read issue by deceiving a user into reading a malformed ELF file. A successful exploit of this vulnerability might lead to denial of service.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5548	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

16 Sep 2024, 19:37

Type	Values Removed	Values Added
CPE		cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:nvidia:cuda_toolkit:::::::: cpe:2.3:o:linux:linux_kernel:-:::::::*
References	~~() https://nvidia.custhelp.com/app/answers/detail/a_id/5548 -~~	() https://nvidia.custhelp.com/app/answers/detail/a_id/5548 - Vendor Advisory
Summary		(es) NVIDIA CUDA Toolkit para todas las plataformas contiene una vulnerabilidad en nvdisasm, donde un atacante puede causar un problema de lectura fuera de los límites engañando a un usuario para que lea un archivo ELF con formato incorrecto. Una explotación exitosa de esta vulnerabilidad podría provocar una denegación de servicio.
First Time		Linux Microsoft windows Linux linux Kernel Microsoft Nvidia cuda Toolkit Nvidia
CVSS	v2 : ~~unknown~~ v3 : ~~3.3~~	v2 : unknown v3 : 5.5

08 Aug 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-08 17:15

Updated : 2024-09-16 19:37

NVD link : CVE-2024-0102

Mitre link : CVE-2024-0102

CVE.ORG link : CVE-2024-0102

JSON object : View

Products Affected

linux

linux_kernel

microsoft

windows

nvidia

cuda_toolkit

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2024-0102", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2024-08-08T17:15:18.013", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5548", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}, {"type": "Secondary", "source": "psirt@nvidia.com", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can cause an out-of-bounds read issue by deceiving a user into reading a malformed ELF file. A successful exploit of this vulnerability might lead to denial of service."}, {"lang": "es", "value": "NVIDIA CUDA Toolkit para todas las plataformas contiene una vulnerabilidad en nvdisasm, donde un atacante puede causar un problema de lectura fuera de los l\u00edmites enga\u00f1ando a un usuario para que lea un archivo ELF con formato incorrecto. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar una denegaci\u00f3n de servicio."}], "lastModified": "2024-09-16T19:37:37.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65449B35-911D-495A-8A4F-1B45D8F79998", "versionEndExcluding": "12.6.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}