ALAS2023NVIDIA-2025-050

Amazon Linux 2023 Security Advisory: ALAS2023NVIDIA-2025-050
Advisory Released Date: 2025-04-16
Advisory Updated Date: 2025-04-16
Severity: Low
Issue Overview:

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. (CVE-2024-53870)

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability might lead to a partial denial of service. (CVE-2024-53871)

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. (CVE-2024-53875)


Affected Packages:

cuda


Issue Correction:
Run dnf update cuda --releasever 2023.6.20250331 to update your system.

New Packages:
x86_64:
    cuda-12.8.0-1.x86_64

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2024-53870, CVE-2024-53871, CVE-2024-53875

Mitre: CVE-2024-53870, CVE-2024-53871, CVE-2024-53875