|Vector and CWE
|NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the
nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.
The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.
The following table lists the software products and versions affected, and the updated version available from nvidia.com that includes this security update.
Download the update from the CUDA Toolkit Downloads page to apply the security update.
|NVIDIA CUDA Toolkit
|All versions prior to CUDA Toolkit v12.2
|CUDA Toolkit v12.2
- Earlier software releases of this product are also affected. If you are using an earlier release, upgrade to the latest release version.
NVIDIA thanks the following people for reporting these issues:
CVE‑2023‑25523: Jifan Xiao