AVID-2026-R0957
Description
Vulnerability CVE-2022-21821
Details
NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump. To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. Such an attack may lead to remote code execution that causes complete denial of service and an impact on data confidentiality and integrity.
Reason for inclusion in AVID: CVE-2022-21821 describes an integer overflow in cuobjdump within the NVIDIA CUDA Toolkit. The CUDA Toolkit is part of the software toolchains used to develop and run AI workloads; the vulnerability could enable local code execution affecting AI systems and their data confidentiality and integrity. This is a software component (toolchain/dependency) used in AI pipelines, not hardware-only. The CVE includes a clear security impact (RCE, DoS) and ties to a widely used AI software stack.
References
Affected or Relevant Artifacts
- Developer: NVIDIA
- Deployer: NVIDIA
- Artifact Details:
| Type | Name |
|---|---|
| System | NVIDIA CUDA Toolkit |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
|---|---|
| Vector String | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Base Score | 7.8 |
| Base Severity | 🔴 High |
| Attack Vector | LOCAL |
| Attack Complexity | 🟢 Low |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | 🔴 High |
| Integrity Impact | 🔴 High |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-1285 | CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2022-03-29
- Version: 0.3.3
- AVID Entry