{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0125", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2023-12-02T00:42:36.041Z", "datePublished": "2024-10-03T16:46:19.800Z", "dateUpdated": "2024-10-03T17:24:07.074Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows", "Linux"], "product": "CUDA Toolkit", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All versions up to and including CUDA Toolkit 12.6U1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service.</span>\n\n</span>\n\n</span>"}], "value": "NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of service"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2024-10-03T16:46:19.800Z"}, "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5577"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-03T17:23:55.504684Z", "id": "CVE-2024-0125", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-03T17:24:07.074Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0125", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-03T17:23:55.504684Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-03T17:24:03.165Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of service"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "CUDA Toolkit", "versions": [{"status": "affected", "version": "All versions up to and including CUDA Toolkit 12.6U1"}], "platforms": ["Windows", "Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5577"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service.</span>\n\n</span>\n\n</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2024-10-03T16:46:19.800Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0125", "state": "PUBLISHED", "dateUpdated": "2024-10-03T17:24:07.074Z", "dateReserved": "2023-12-02T00:42:36.041Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2024-10-03T16:46:19.800Z", "assignerShortName": "nvidia"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service."}, {"lang": "es", "value": "NVIDIA CUDA Toolkit para Windows y Linux contiene una vulnerabilidad en la herramienta de l\u00ednea de comandos nvdisam, donde un usuario puede provocar una desreferencia de puntero NULL al ejecutar nvdisasm en un archivo ELF mal formado. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar una denegaci\u00f3n de servicio limitada."}], "id": "CVE-2024-0125", "lastModified": "2024-10-04T13:50:43.727", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2024-10-03T17:15:14.490", "references": [{"source": "psirt@nvidia.com", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5577"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "psirt@nvidia.com", "type": "Primary"}]}

{"bugzilla": {"description": "NVIDIA CUDA Toolkit: NULL pointer dereference via malformed ELF file", "id": "2316326", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316326"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-476", "details": ["NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service.", "A flaw was found in the NVIDIA CUDA toolkit. A user can cause a NULL pointer dereference via the nvdisam command line tool by running nvdisasm on a malformed ELF file, leading to a limited denial of service."], "name": "CVE-2024-0125", "package_state": [{"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Fix deferred", "package_name": "openshift-lightspeed-beta/lightspeed-service-api-rhel9", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/instructlab-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}], "public_date": "2024-10-03T16:46:19Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-0125\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0125\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/5577"], "threat_severity": "Low"}