CVE-2025-23338 - Vulnerability Details

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where a user may cause an out-of-bounds write by running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0002.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe
Microsoft Subscribe	Windows Subscribe
Nvidia Subscribe	Cuda Toolkit Subscribe

Configuration 1 [-]

AND

cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Nvidia Subscribe	Cuda Toolkit Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2025-30964	NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where a user may cause an out-of-bounds write by running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2025-23338
https://nvidia.custhelp.com/app/answers/detail/a_id/5661
https://www.cve.org/CVERecord?id=CVE-2025-23338
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2169

History

Tue, 04 Nov 2025 04:30:00 +0900

Type	Values Removed	Values Added
References		https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2169

Mon, 06 Oct 2025 23:45:00 +0900

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel Microsoft Microsoft windows
CPEs		cpe:2.3:a:nvidia:cuda_toolkit:::::::: cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::*
Vendors & Products		Linux Linux linux Kernel Microsoft Microsoft windows

Thu, 25 Sep 2025 17:30:00 +0900

Type	Values Removed	Values Added
First Time appeared		Nvidia Nvidia cuda Toolkit
Vendors & Products		Nvidia Nvidia cuda Toolkit

Wed, 24 Sep 2025 23:15:00 +0900

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 24 Sep 2025 22:30:00 +0900

Type	Values Removed	Values Added
Description		NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where a user may cause an out-of-bounds write by running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service.
Weaknesses		CWE-129
References		https://nvd.nist.gov/vuln/detail/CVE-2025-23338 https://nvidia.custhelp.com/app/answers/detail/a_id/5661 https://www.cve.org/CVERecord?id=CVE-2025-23338
Metrics		cvssV3_1 `{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2025-09-24T13:12:47.651Z

Updated: 2025-11-03T18:08:47.082Z

Reserved: 2025-01-14T01:07:19.940Z

Link: CVE-2025-23338

Vulnrichment

Updated: 2025-11-03T18:08:47.082Z

NVD

Status : Modified

Published: 2025-09-24T14:15:48.000

Modified: 2025-11-03T19:15:48.077

Link: CVE-2025-23338

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-09-25T17:21:29Z

Weaknesses

CWE-129

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object