CVE-2022-21821

HIGH

Nvidia Cuda Toolkit < 11.6.2 - Integer Overflow

Title source: rule

Description

NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. Such an attack may lead to remote code execution that causes complete denial of service and an impact on data confidentiality and integrity.

References (1)

[Mitigation, Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/5334

Scores

CVSS v3 7.8

EPSS 0.0055

EPSS Percentile 68.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-190 CWE-1285

Status published

Products (1)

nvidia/cuda_toolkit < 11.6.2

Published Mar 29, 2022

Tracked Since Feb 18, 2026