Bug#1084054: nvidia-cuda-toolkit: CVE-2024-0123 CVE-2024-0124 CVE-2024-0125
Moritz Mühlenhoff
jmm at inutil.org
Fri Oct 4 16:12:45 BST 2024
Source: nvidia-cuda-toolkit
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for nvidia-cuda-toolkit.
CVE-2024-0123[0]:
| NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability
| in the nvdisasm command line tool where an attacker may cause an
| improper validation in input issue by tricking the user into running
| nvdisasm on a malicious ELF file. A successful exploit of this
| vulnerability may lead to denial of service.
CVE-2024-0124[1]:
| NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability
| in the nvdisam command line tool, where a user can cause nvdisasm to
| read freed memory by running it on a malformed ELF file. A
| successful exploit of this vulnerability might lead to a limited
| denial of service.
CVE-2024-0125[2]:
| NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability
| in the nvdisam command line tool, where a user can cause a NULL
| pointer dereference by running nvdisasm on a malformed ELF file. A
| successful exploit of this vulnerability might lead to a limited
| denial of service.
https://nvidia.custhelp.com/app/answers/detail/a_id/5577
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-0123
https://www.cve.org/CVERecord?id=CVE-2024-0123
[1] https://security-tracker.debian.org/tracker/CVE-2024-0124
https://www.cve.org/CVERecord?id=CVE-2024-0124
[2] https://security-tracker.debian.org/tracker/CVE-2024-0125
https://www.cve.org/CVERecord?id=CVE-2024-0125
Please adjust the affected versions in the BTS as needed.
More information about the pkg-nvidia-devel
mailing list