CVE-2024-53870: 
CUDA Toolkit vulnerability analysis and mitigation

CVE-2024-53870 is a vulnerability discovered in the NVIDIA CUDA toolkit affecting all platforms. The vulnerability was disclosed on February 18, 2025, and exists in the cuobjdump binary component of the toolkit. This security issue affects all versions of the CUDA Toolkit up to version 12.8 (NVIDIA Bulletin).

The vulnerability is classified as an out-of-bounds read (CWE-125) that occurs when a malformed ELF file is passed to the cuobjdump binary. It has been assigned a CVSS v3.1 base score of 3.3 (Low severity) with the vector string AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L. This indicates that the vulnerability requires local access, low attack complexity, no privileges, and user interaction to exploit (NVIDIA Bulletin).

A successful exploitation of this vulnerability could lead to a partial denial of service on the affected system. The impact is limited to availability, with no direct effects on confidentiality or integrity of the system (NVIDIA Bulletin).

NVIDIA has released a patch for this vulnerability in CUDA Toolkit version 12.8. Users running affected versions are advised to upgrade to this latest release. The fix is available through the CUDA Toolkit Downloads page (NVIDIA Bulletin).

The vulnerability was discovered and reported by Kai Lu from Palo Alto Networks, demonstrating ongoing security research in the CUDA toolkit ecosystem (NVIDIA Bulletin).