CVE-2024-0124: 
CUDA Toolkit vulnerability analysis and mitigation

A vulnerability (CVE-2024-0124) was discovered in the NVIDIA CUDA Toolkit for Windows and Linux systems. The vulnerability affects the nvdisam command line tool, where a user can cause nvdisasm to read freed memory by running it on a malformed ELF file. This vulnerability was disclosed on October 2, 2024, and affects all versions up to and including CUDA Toolkit 12.6U1 (NVIDIA Bulletin).

The vulnerability has been assigned a CVSS v3.1 base score of 3.3 (Low severity) with the vector string AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L. The issue is classified as CWE-416 (Use After Free) and requires user interaction to exploit. The vulnerability specifically occurs when the nvdisasm tool processes malformed ELF files (Red Hat CVE, NVIDIA Bulletin).

A successful exploitation of this vulnerability might lead to a limited denial of service. The vulnerability affects only availability with no impact on confidentiality or integrity of the system (Red Hat CVE, NVIDIA Bulletin).

NVIDIA has released CUDA Toolkit 12.6U2 to address this vulnerability. Users are recommended to upgrade to this version if running any affected version (up to and including CUDA Toolkit 12.6U1). Earlier software releases of this product are also affected and should be upgraded to the latest release version (NVIDIA Bulletin).

The vulnerability was reported by nEINEI from Tencent-zhuquelab, demonstrating ongoing security research and responsible disclosure in the field (NVIDIA Bulletin).