We use cookies to improve your experience on our site.
AVID-2026-R1350
Description
Vulnerability CVE-2024-0125
Details
NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service.
Reason for inclusion in AVID: CVE-2024-0125 describes a NULL pointer dereference in NVIDIA CUDA nvdisasm that can cause a limited denial of service. CUDA Toolkit is a core software component used in AI workflows (ML frameworks, runtimes, tooling), and nvdisasm is part of that software supply chain. Thus, this vulnerability is relevant to the software supply chain of general-purpose AI systems and constitutes a security vulnerability with potential impact on AI tooling.
References
Affected or Relevant Artifacts
- Developer: NVIDIA
- Deployer: NVIDIA
- Artifact Details:
| Type | Name |
|---|---|
| System | CUDA Toolkit |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
| Base Score | 3.3 |
| Base Severity | 🟢 Low |
| Attack Vector | LOCAL |
| Attack Complexity | 🟢 Low |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | 🟢 Low |
CWE
| ID | Description |
|---|---|
| CWE-476 | CWE-476 NULL Pointer Dereference |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-10-03
- Version: 0.3.3
- AVID Entry