AVID-2026-R1351

Description

Vulnerability CVE-2024-0140

Details

NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where a user could cause a deserialization of untrusted data issue. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.

Reason for inclusion in AVID: CVE-2024-0140 concerns a deserialization vulnerability in NVIDIA RAPIDS cuDF/cuML that enables code execution and affects AI data processing libraries used in ML pipelines. This is a software supply-chain vulnerability in components used to build, train, and deploy AI systems. The report provides CVE details, affected artifacts, and impact, supporting its relevance to AI stacks.

References

Affected or Relevant Artifacts

  • Developer: NVIDIA
  • Deployer: NVIDIA
  • Artifact Details:
      • Type: System
      • Name: RAPIDS cuDF and cuML

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

  • Version: 3.1
  • Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H
  • Base Score: 6.8
  • Base Severity: 🟠 Medium
  • Attack Vector: LOCAL
  • Attack Complexity: 🟢 Low
  • Privileges Required: 🟢 Low
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: 🟢 Low
  • Integrity Impact: 🔴 High
  • Availability Impact: 🔴 High

CWE

  • ID: CWE-502
  • Description: CWE-502 Deserialization of Untrusted Data

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2025-01-28
  • Version: 0.3.3
  • AVID Entry