First published: Sat Apr 22 2023(Updated: )
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure.
Credit: psirt@nvidia.com
Affected Software | Affected Version | How to fix |
---|---|---|
NVIDIA CUDA Toolkit | <12.1.1 | |
Linux Linux kernel | ||
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-25514 is a vulnerability in NVIDIA CUDA toolkit for Linux and Windows that allows an attacker to cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file.
The severity of CVE-2023-25514 is medium with a CVSS score of 6.6.
An attacker can exploit CVE-2023-25514 by tricking a user into running cuobjdump on a malformed input file.
The potential consequences of exploiting CVE-2023-25514 include limited denial of service, code execution, and potential privilege escalation.
To mitigate CVE-2023-25514, it is recommended to update to a version of NVIDIA CUDA toolkit that is not vulnerable to this issue.