Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-21821

NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. Such an attack may lead to remote code execution that causes complete denial of service and an impact on data confidentiality and integrity.

Published

2022-03-29T20:15:07.783

Last Modified

2024-11-21T06:45:30.090

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-1285
Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nvidia	cuda_toolkit	< 11.6.2	Yes
Application	linux	linux_kernel	-	No
Operating System	microsoft	windows	-	No

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5334 Mitigation, Vendor Advisory ([email protected])
https://nvidia.custhelp.com/app/answers/detail/a_id/5334 Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)