NVIDIA CUDA Toolkit Vulnerabilities Expose Systems to Potential DoS Attacks

Cybersecurity researchers at Palo Alto Networks’ Unit 42 disclosed nine vulnerabilities in NVIDIA’s Compute Unified Device Architecture (CUDA) Toolkit, specifically in the cuobjdump and nvdisasm utilities.

These tools, integral to analyzing CUDA binary files for GPU programming, were found to contain flaws that could expose systems to limited denial-of-service (DoS) attacks and information disclosure risks.

NVIDIA has since released a security update to address these issues.

Details of the Vulnerabilities

The vulnerabilities, tracked under CVE identifiers CVE-2024-53870 through CVE-2024-53878, were uncovered during a month-long fuzz testing process.

Six flaws were identified in cuobjdump, while three were found in nvdisasm.

The issues primarily stem from two types of software weaknesses: integer overflow and out-of-bounds read errors.

These vulnerabilities could be exploited by maliciously crafted CUDA binary files (known as “cubin” files), potentially causing crashes or unauthorized access to sensitive data.