Security Bulletin – NVIDIA CUDA Toolkit (June 2023)

This section summarizes the potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors follow CVSS v3.1 standards.

CVE IDDescriptionBase ScoreVector and CWE
CVE‑2023‑25523NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.3.3AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CWE-476

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.

SECURITY UPDATES

The following table lists the software products and versions affected, and the updated version available from nvidia.com that includes this security update.

Download the update from the CUDA Toolkit Downloads page to apply the security update.

CVEs AddressedSoftware ProductOperating SystemAffected VersionsUpdated Version
CVE‑2023‑25523NVIDIA CUDA ToolkitLinux, WindowsAll versions prior to CUDA Toolkit v12.2CUDA Toolkit v12.2

Notes

  • Earlier software releases of this product are also affected. If you are using an earlier release, upgrade to the latest release version.

ACKNOWLEDGEMENTS

NVIDIA thanks the following people for reporting these issues:

CVE‑2023‑25523: Jifan Xiao