Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-0110

Опубликовано: 31 авг. 2024
Источник: redhat
CVSS3: 7.8
EPSS Низкий

Описание

NVIDIA CUDA Toolkit contains a vulnerability in command cuobjdump where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may lead to code execution or denial of service.

A flaw was found in the NVIDIA CUDA Toolkit. Affected versions of this package contain a vulnerability in the cuobjdump command where a user may cause an out-of-bounds write by passing a malformed ELF file. A successful exploit of this vulnerability may lead to code execution or denial of service.

Отчет

The issue is classified as moderate severity primarily because it is not typically exposed to untrusted inputs in most environments, limiting its exploitation potential.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Lightspeedopenshift-lightspeed-beta/lightspeed-service-api-rhel9Affected
Red Hat Enterprise Linux AI (RHEL AI)rhelai1/bootc-nvidia-rhel9Will not fix
Red Hat Enterprise Linux AI (RHEL AI)rhelai1/instructlab-nvidia-rhel9Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2308799NVIDIA CUDA Toolkit: code execution or denial of service in NVIDIA CUDA

EPSS

Процентиль: 42%
0.00201
Низкий

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-0110

CVSS3: 4.4
ubuntu
больше 1 года назад

NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may lead to code execution or denial of service.

nvd логотип

CVE-2024-0110

CVSS3: 4.4
nvd
больше 1 года назад

NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may lead to code execution or denial of service.

debian логотип

CVE-2024-0110

CVSS3: 4.4
debian
больше 1 года назад

NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` wh ...

github логотип

GHSA-379v-5xrg-g53f

CVSS3: 4.4
github
больше 1 года назад

NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may lead to code execution or denial of service.

fstec логотип

BDU:2025-13646

CVSS3: 4.4
fstec
больше 1 года назад

Уязвимость утилиты cuobjdump программного средства для параллельных вычислений на графических процессорах NVIDIA CUDA Toolkit, позволяющая выполнить произвольный код или вызвать отказ в обслуживании

EPSS

Процентиль: 42%
0.00201
Низкий

7.8 High

CVSS3