CVE-2024-0123

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

N

VIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service.

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5577	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

18 Sep 2025, 18:10

Type	Values Removed	Values Added
References	~~() https://nvidia.custhelp.com/app/answers/detail/a_id/5577 -~~	() https://nvidia.custhelp.com/app/answers/detail/a_id/5577 - Vendor Advisory
CPE		cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:a:nvidia:cuda_toolkit::::::::
First Time		Microsoft windows Microsoft Linux Nvidia cuda Toolkit Linux linux Kernel Nvidia

04 Oct 2024, 13:50

Type	Values Removed	Values Added
Summary		(es) El kit de herramientas NVIDIA CUDA para Windows y Linux contiene una vulnerabilidad en la herramienta de línea de comandos nvdisasm, que permite a un atacante provocar una validación incorrecta en la entrada de datos engañando al usuario para que ejecute nvdisasm en un archivo ELF malicioso. Una explotación exitosa de esta vulnerabilidad puede provocar una denegación de servicio.

03 Oct 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-03 17:15

Updated : 2025-09-18 18:10

NVD link : CVE-2024-0123

Mitre link : CVE-2024-0123

CVE.ORG link : CVE-2024-0123

JSON object : View

Products Affected

cuda_toolkit

linux_kernel

windows

CWE

CWE-1285

Improper Validation of Specified Index, Position, or Offset in Input

{"id": "CVE-2024-0123", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2024-10-03T17:15:14.030", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5577", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-1285"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service."}, {"lang": "es", "value": "El kit de herramientas NVIDIA CUDA para Windows y Linux contiene una vulnerabilidad en la herramienta de l\u00ednea de comandos nvdisasm, que permite a un atacante provocar una validaci\u00f3n incorrecta en la entrada de datos enga\u00f1ando al usuario para que ejecute nvdisasm en un archivo ELF malicioso. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar una denegaci\u00f3n de servicio."}], "lastModified": "2025-09-18T18:10:58.990", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "312DD4D2-92F9-491D-AB3C-A6213E662B4F", "versionEndIncluding": "12.6.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}