ALASNVIDIA-2025-055

Amazon Linux 2023 Security Advisory: ALASNVIDIA-2025-055
Advisory Released Date: 2025-04-16
Advisory Updated Date: 2025-04-16
Severity: Low
Issue Overview:

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. (CVE-2024-53870)

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability might lead to a partial denial of service. (CVE-2024-53871)

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. (CVE-2024-53875)


Affected Packages:

libnpp-12-8


Issue Correction:
Run dnf update libnpp-12-8 --releasever 2023.6.20250331 to update your system.

New Packages:
x86_64:
    libnpp-12-8-12.3.3.65-1.x86_64
    libnpp-devel-12-8-12.3.3.65-1.x86_64

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2024-53870, CVE-2024-53871, CVE-2024-53875

Mitre: CVE-2024-53870, CVE-2024-53871, CVE-2024-53875