NVIDIA CUDA Toolkit < 12.6.77 (12.6U2) Multiple Vulnerabilities (October 2024)

low Nessus Plugin ID 208118

Synopsis

The remote host is missing one or more security updates.

Description

The version of NVIDIA CUDA Toolkit installed on the remote host is prior to 12.6.77 (12.6U2). It is, therefore, affected by multiple vulnerabilities as referenced in the October 2024 advisory.

- NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service. (CVE-2024-0123)

- NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause nvdisasm to read freed memory by running it on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service. (CVE-2024-0124)

- NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service. (CVE-2024-0125)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to NVIDIA CUDA Toolkit version 12.6.77 (12.6U2) or later.

See Also

http://www.nessus.org/u?86c77f8c

Plugin Details

Severity: Low

ID: 208118

File Name: nvidia_cuda_toolkit_October_2024.nasl

Version: 1.2

Type: local

Agent: windows

Family: Misc.

Published: 10/4/2024

Updated: 10/7/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2024-0123

CVSS v3

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.9

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2024-0125

Vulnerability Information

CPE: cpe:/a:nvidia:cuda_toolkit

Required KB Items: installed_sw/NVIDIA CUDA Toolkit

Exploit Ease: No known exploits are available

Patch Publication Date: 10/2/2024

Vulnerability Publication Date: 10/2/2024

Reference Information

CVE: CVE-2024-0123, CVE-2024-0124, CVE-2024-0125

IAVB: 2024-B-0146