CVE-2022-21821
CVE-2022-21821
In short
NVIDIA CUDA Toolkit's cuobjdump tool has a flaw where it doesn't properly handle very large numbers in corrupted files, allowing an attacker to run malicious code if a user opens a specially crafted file. This can crash the system or steal/modify data.
Technical detail
Integer overflow vulnerability in cuobjdump enables remote code execution when processing a malicious CUDA object file locally. Attack requires local code execution after user downloads the crafted file; impact includes complete DoS, data exfiltration, and integrity compromise.
Summary generated and translated by AI from the official description.
NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. Such an attack may lead to remote code execution that causes complete denial of service and an impact on data confidentiality and integrity.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
NVIDIA · NVIDIA CUDA ToolkitWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →