Bug#1008696: Bug#1008695: nvidia-cuda-toolkit: CVE-2022-21821
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 30 20:55:48 BST 2022
Hi,
On Wed, Mar 30, 2022 at 09:35:16PM +0200, Andreas Beckmann wrote:
> Package: nvidia-cuda-toolkit
> Version: 4.0.13-1
> Severity: serious
> Tags: security
>
> https://nvidia.custhelp.com/app/answers/detail/a_id/5334
>
> CVE-2022-21821 NVIDIA CUDA Toolkit SDK contains an integer overflow
> vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker
> would require a local user to download a specially crafted, corrupted file
> and locally execute cuobjdump against the file. Such an attack may lead to
> remote code execution that causes complete denial of service and an impact
> on data confidentiality and integrity.
>
> Affected Versions
> All versions prior to CUDA Toolkit 11.6 Update 2
Ha, nice race :) (#1008695 and 1008696).
Let's merge then.
Regards,
Salvatore
More information about the pkg-nvidia-devel
mailing list