CVE-2024-53879
Public on 2025-02-25
Modified on 2026-05-22
Description
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service.
Nvidia has not provided specific updates for CUDA 12.6. The fixed versions are CUDA 12.8+. Please upgrade to CUDA 12.8 or higher. (since CUDA packages are namespaced, this update has to be manual).
Nvidia has not provided specific updates for CUDA 12.6. The fixed versions are CUDA 12.8+. Please upgrade to CUDA 12.8 or higher. (since CUDA packages are namespaced, this update has to be manual).
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2023 | cuda-toolkit | 2025-04-16 | ALAS2023NVIDIA-2025-013 | Fixed |
| Amazon Linux 2023 | cuda-toolkit-12 | 2025-04-16 | ALAS2023NVIDIA-2025-031 | Fixed |
| Amazon Linux 2023 | cuda-toolkit-12-6 | No Fix Planned |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 2.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L |