Source: nvidia-cuda-toolkit
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for nvidia-cuda-toolkit.

CVE-2023-25510[0]:
| NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer
| dereference in cuobjdump, where a local user running the tool against
| a malformed binary may cause a limited denial of service.

CVE-2023-25511[1]:
| NVIDIA CUDA Toolkit for Linux and Windows contains a vulnerability in
| cuobjdump, where a division-by-zero error may enable a user to cause a
| crash, which may lead to a limited denial of service.

CVE-2023-25512[2]:
| NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in
| cuobjdump, where an attacker may cause an out-of-bounds memory read by
| running cuobjdump on a malformed input file. A successful exploit of
| this vulnerability may lead to limited denial of service, code
| execution, and limited information disclosure.

CVE-2023-25513[3]:
| NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in
| cuobjdump, where an attacker may cause an out-of-bounds read by
| tricking a user into running cuobjdump on a malformed input file. A
| successful exploit of this vulnerability may lead to limited denial of
| service, code execution, and limited information disclosure.

CVE-2023-25514[4]:
| NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in
| cuobjdump, where an attacker may cause an out-of-bounds read by
| tricking a user into running cuobjdump on a malformed input file. A
| successful exploit of this vulnerability may lead to limited denial of
| service, code execution, and limited information disclosure.

Upstream announcement is at
https://nvidia.custhelp.com/app/answers/detail/a_id/5456

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-25510
    https://www.cve.org/CVERecord?id=CVE-2023-25510
[1] https://security-tracker.debian.org/tracker/CVE-2023-25511
    https://www.cve.org/CVERecord?id=CVE-2023-25511
[2] https://security-tracker.debian.org/tracker/CVE-2023-25512
    https://www.cve.org/CVERecord?id=CVE-2023-25512
[3] https://security-tracker.debian.org/tracker/CVE-2023-25513
    https://www.cve.org/CVERecord?id=CVE-2023-25513
[4] https://security-tracker.debian.org/tracker/CVE-2023-25514
    https://www.cve.org/CVERecord?id=CVE-2023-25514

Please adjust the affected versions in the BTS as needed.