CVE-2025-23247
Public on 2025-05-27
Modified on 2025-06-05
Description
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this vulnerability might lead to arbitrary code execution.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2023 | cuda | Pending Fix | ||
| Amazon Linux 2023 | cuda-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-cccl-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-command-line-tools-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-compiler-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-cudart-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-cuobjdump-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-cupti-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-cuxxfilt-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-demo-suite-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-documentation-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-gdb-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-libraries-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-libraries-devel-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-minimal-build-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-nsight-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-nsight-compute-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-nsight-systems-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-nvcc-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-nvdisasm-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-nvml-devel-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-nvprof-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-nvprune-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-nvrtc-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-nvtx-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-nvvp-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-opencl-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-profiler-api-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-runtime-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-sandbox-devel-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-sanitizer-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-toolkit | Pending Fix | ||
| Amazon Linux 2023 | cuda-toolkit-12 | Pending Fix | ||
| Amazon Linux 2023 | cuda-toolkit-12-6 | Pending Fix | ||
| Amazon Linux 2023 | cuda-toolkit-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-tools-12-9 | Pending Fix | ||
| Amazon Linux 2023 | cuda-visual-tools-12-9 | Pending Fix | ||
| Amazon Linux 2023 | libcublas-12-9 | Pending Fix | ||
| Amazon Linux 2023 | libcufft-12-9 | Pending Fix | ||
| Amazon Linux 2023 | libcufile-12-9 | Pending Fix | ||
| Amazon Linux 2023 | libcurand-12-9 | Pending Fix | ||
| Amazon Linux 2023 | libcusolver-12-9 | Pending Fix | ||
| Amazon Linux 2023 | libcusparse-12-9 | Pending Fix | ||
| Amazon Linux 2023 | libnpp-12-9 | Pending Fix | ||
| Amazon Linux 2023 | libnvfatbin-12-9 | Pending Fix | ||
| Amazon Linux 2023 | libnvjitlink-12-9 | Pending Fix | ||
| Amazon Linux 2023 | libnvjpeg-12-9 | Pending Fix | ||
| Amazon Linux 2023 | nsight-compute-2025.2.0 | Pending Fix | ||
| Amazon Linux 2023 | nsight-systems-2025.1.3 | Pending Fix | ||
| Amazon Linux 2023 | nvidia-fs | Pending Fix | ||
| Amazon Linux 2023 | nvidia-gds | Pending Fix | ||
| Amazon Linux 2023 | nvidia-gds-12-9 | Pending Fix |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 4.4 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
| NVD | CVSSv3 | 4.4 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |