Bug#1008696: Bug#1008695: nvidia-cuda-toolkit: CVE-2022-21821

Salvatore Bonaccorso carnil at debian.org
Wed Mar 30 20:55:48 BST 2022


Hi,

On Wed, Mar 30, 2022 at 09:35:16PM +0200, Andreas Beckmann wrote:
> Package: nvidia-cuda-toolkit
> Version: 4.0.13-1
> Severity: serious
> Tags: security
> 
> https://nvidia.custhelp.com/app/answers/detail/a_id/5334
> 
> CVE-2022-21821 	NVIDIA CUDA Toolkit SDK contains an integer overflow
> vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker
> would require a local user to download a specially crafted, corrupted file
> and locally execute cuobjdump against the file. Such an attack may lead to
> remote code execution that causes complete denial of service and an impact
> on data confidentiality and integrity.
> 
> Affected Versions
> All versions prior to CUDA Toolkit 11.6 Update 2

Ha, nice race :) (#1008695 and 1008696).

Let's merge then.

Regards,
Salvatore



More information about the pkg-nvidia-devel mailing list