Bug#1070177: nvidia-cuda-toolkit: CVE-2024-0072, CVE-2024-0076
Andreas Beckmann
anbe at debian.org
Wed May 1 12:41:38 BST 2024
Source: nvidia-cuda-toolkit
Version: 4.0.13-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <team at security.debian.org>
https://nvidia.custhelp.com/app/answers/detail/a_id/5517
CVE-2024-0072 NVIDIA CUDA toolkit for all platforms contains a
vulnerability in cuobjdump and nvdisasm where an attacker may cause a
crash by tricking a user into reading a malformed ELF file. A successful
exploit of this vulnerability may lead to a partial denial of service.
CVE-2024-0076 NVIDIA CUDA toolkit for all platforms contains a
vulnerability in cuobjdump and nvdisasm where an attacker may cause a
crash by tricking a user into reading a malformed ELF file. A successful
exploit of this vulnerability may lead to a partial denial of service.
CVE-2023-31028 NVIDIA nvJPEG2000 Library for Windows and Linux contains
a vulnerability where improper input validation might enable an attacker
to use a specially crafted input file. A successful exploit of this
vulnerability might lead to a partial denial of service.
CVE-2024-0080 NVIDIA nvTIFF Library for Windows and Linux contains a
vulnerability where improper input validation might enable an attacker
to use a specially crafted input file. A successful exploit of this
vulnerability might lead to a partial denial of service.
CVE IDs Addressed Affected Products Affected Versions Updated Version
CVE-2024-0072
CVE-2024-0076 NVIDIA CUDA Toolkit All versions prior to CUDA Toolkit v12.4 CUDA Toolkit v12.4U1
CVE-2023-31028 nvJPEG2000 Library All versions prior to nvJPEG2000 v0.7.x nvJPEG2000 v0.7.x
CVE-2024-0080 nvTIFF Library All versions prior to nvTIFF v0.3.0 nvTIFF v0.3.0
nvJPEG2000 and nvTIFF are not part of the CUDA Toolkit and are not
packaged in Debian.
Andreas
More information about the pkg-nvidia-devel
mailing list