Executive Summary
This article reviews nine vulnerabilities we recently discovered in two utilities called cuobjdump and nvdisasm, both from NVIDIA’s Compute Unified Device Architecture (CUDA) Toolkit. We have coordinated with NVIDIA, and the company has released an update in February 2025 to address these issues.
The vulnerabilities are tracked as the following Common Vulnerabilities and Exposures (CVEs):
Introduced in 2006, CUDA is a parallel computing platform and programming model. As part of NVIDIA’s CUDA Toolkit, developers use the cuobjdump and nvdisasm tools to analyze CUDA binary files used in programs to run on NVIDIA graphics processing unit (GPU) hardware.
While these two tools don’t directly execute CUDA code, they are essential for…