Bug#1008696: nvidia-cuda-toolkit: CVE‑2022‑21821
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 30 20:36:31 BST 2022
Source: nvidia-cuda-toolkit
Version: 11.4.3-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for nvidia-cuda-toolkit.
CVE-2022-21821[0]:
| NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in
| cuobjdump.To exploit this vulnerability, a remote attacker would
| require a local user to download a specially crafted, corrupted file
| and locally execute cuobjdump against the file. Such an attack may
| lead to remote code execution that causes complete denial of service
| and an impact on data confidentiality and integrity.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-21821
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21821
[1] https://nvidia.custhelp.com/app/answers/detail/a_id/5334
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the pkg-nvidia-devel
mailing list