CVE-2023-25513 MEDIUM

CVE-2023-25513

Vendor Nvidia
Product NVIDIA CUDA Toolkit
Weakness CWE-125
Published April 22, 2023
Last update February 4, 2025

CVSS base score

5.3/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure.

Key dates

02Disclosure timeline

April 22, 2023 CVE published
February 4, 2025 Record updated