AVID-2026-R1344
Description
Vulnerability CVE-2024-0102
Details
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can cause an out-of-bounds read issue by deceiving a user into reading a malformed ELF file. A successful exploit of this vulnerability might lead to denial of service.
Reason for inclusion in AVID: CVE-2024-0102 details a vulnerability in NVIDIA CUDA Toolkit’s nvdisasm that can cause an out-of-bounds read and potential denial of service. This CUDA toolkit component is commonly used in AI software stacks for ML workloads (GPU acceleration, tooling, and runtime environments), placing it within the software supply chain context for general-purpose AI systems. The issue is a security vulnerability with a clear impact (DoS via OOB read) and is supported by CVE/description references. The evidence in the report is sufficient to classify this as a vulnerability affecting AI software components.
References
Affected or Relevant Artifacts
- Developer: NVIDIA
- Deployer: NVIDIA
- Artifact Details:
| Type | Name |
|---|---|
| System | NVIDIA CUDA Toolkit |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Metric | Value |
|---|---|
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
| Base Score | 3.3 |
| Base Severity | 🟢 Low |
| Attack Vector | LOCAL |
| Attack Complexity | 🟢 Low |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | 🟢 Low |
CWE
| ID | Description |
|---|---|
| CWE-125 | CWE-125 Out-of-bounds Read |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-08-08
- Version: 0.3.3