ALAS2023NVIDIA-2025-033

Amazon Linux 2023 Security Advisory: ALAS2023NVIDIA-2025-033
Advisory Released Date: 2025-04-16
Advisory Updated Date: 2025-04-16
Severity: Low
Issue Overview:

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. (CVE-2024-53870)

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability might lead to a partial denial of service. (CVE-2024-53871)

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. (CVE-2024-53875)


Affected Packages:

libcufft-12-8


Issue Correction:
Run dnf update libcufft-12-8 --releasever 2023.6.20250331 to update your system.

New Packages:
x86_64:
    libcufft-12-8-11.3.3.41-1.x86_64
    libcufft-devel-12-8-11.3.3.41-1.x86_64

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2024-53870, CVE-2024-53871, CVE-2024-53875

Mitre: CVE-2024-53870, CVE-2024-53871, CVE-2024-53875