ALAS2023NVIDIA-2025-031

Amazon Linux 2023 Security Advisory: ALAS2023NVIDIA-2025-031
Advisory Released Date: 2025-04-16
Advisory Updated Date: 2026-05-13
Severity: Low
Issue Overview:

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. (CVE-2024-53870)

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability might lead to a partial denial of service. (CVE-2024-53871)

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. (CVE-2024-53872)

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. (CVE-2024-53874)

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. (CVE-2024-53875)

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability might lead to a partial denial of service. (CVE-2024-53876)

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause a NULL pointer exception by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability might lead to a partial denial of service. (CVE-2024-53877)

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. (CVE-2024-53878)

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. (CVE-2024-53879)


Affected Packages:

cuda-toolkit-12


Issue Correction:
Run dnf update cuda-toolkit-12 --releasever latest or dnf update --advisory ALAS2023NVIDIA-2025-031 --releasever latest to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:
x86_64:
    cuda-toolkit-12-12.8.0-1.x86_64

Changelog:

2026-05-13: CVE-2024-53877 was added to this advisory.

2026-05-13: CVE-2024-53876 was added to this advisory.

2026-05-13: CVE-2024-53874 was added to this advisory.

2026-05-13: CVE-2024-53872 was added to this advisory.

2026-05-13: CVE-2024-53879 was added to this advisory.

2026-05-13: CVE-2024-53878 was added to this advisory.

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2024-53870, CVE-2024-53871, CVE-2024-53872, CVE-2024-53874, CVE-2024-53875, CVE-2024-53876, CVE-2024-53877, CVE-2024-53878, CVE-2024-53879

Mitre: CVE-2024-53870, CVE-2024-53871, CVE-2024-53872, CVE-2024-53874, CVE-2024-53875, CVE-2024-53876, CVE-2024-53877, CVE-2024-53878, CVE-2024-53879