CVE-2024-53877
Public on 2025-02-25
Modified on 2026-05-22
Description
NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause a NULL pointer exception by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability might lead to a partial denial of service.
Nvidia has not provided specific updates for CUDA 12.6. The fixed versions are CUDA 12.8+. Please upgrade to CUDA 12.8 or higher. (since CUDA packages are namespaced, this update has to be manual).
Nvidia has not provided specific updates for CUDA 12.6. The fixed versions are CUDA 12.8+. Please upgrade to CUDA 12.8 or higher. (since CUDA packages are namespaced, this update has to be manual).
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2023 | cuda-toolkit | 2025-04-16 | ALAS2023NVIDIA-2025-013 | Fixed |
| Amazon Linux 2023 | cuda-toolkit-12 | 2025-04-16 | ALAS2023NVIDIA-2025-031 | Fixed |
| Amazon Linux 2023 | cuda-toolkit-12-6 | No Fix Planned |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 3.3 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |