Multiple NVIDIA CUDA Toolkit Vulnerabilities Let Attackers Trigger DoS

Attackers could crash analysis tools or leak memory contents by distributing weaponized cubin files – a critical risk for AI development teams sharing pre-trained models. These vulnerabilities, spanning the cuobjdump and nvdisasm utilities, expose developers to denial-of-service (DoS) attacks and information disclosure risks when analyzing maliciously crafted cubin files. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. As CUDA dominates AI/ML development, hardening binary analysis tools becomes imperative to prevent cascading failures in GPU-dependent infrastructures. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Researchers uncovered nine critical vulnerabilities in NVIDIA’s CUDA Toolkit, a cornerstone software suite for GPU-accelerated computing. With NVIDIA GPUs powering everything from AI research to scientific simulations, these flaws highlight systemic security challenges in foundational GPU development tools. The era of trusting GPU binaries as inert data files has ended – these vulnerabilities prove that even development utilities require memory-safe coding practices. Organizations should audit legacy CUDA projects and implement runtime monitoring for cubin analysis workflows. Tushar is a Cyber security content editor with a passion for creating captivating and informative content. CUDA binaries (.cubin) use the standardized ELF (Executable and Linkable Format) to encapsulate GPU-specific instructions alongside CPU-executable code. NVIDIA’s February 2025 security update patches all nine CVEs.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 20 Feb 2025 10:25:14 +0000

Cyber News related to Multiple NVIDIA CUDA Toolkit Vulnerabilities Let Attackers Trigger DoS

Multiple NVIDIA CUDA Toolkit Vulnerabilities Let Attackers Trigger DoS - Attackers could crash analysis tools or leak memory contents by distributing weaponized cubin files – a critical risk for AI development teams sharing pre-trained models. These vulnerabilities, spanning the cuobjdump and nvdisasm utilities, expose ...
1 day ago Cybersecuritynews.com

Nvidia sued after video call mistake showed 'stolen' data - According to a lawsuit filed against tech giant Nvidia, senior staff member Mohammad Moniruzzaman made this error with disastrous consequences. In the course of it, Valeo claims he accidentally displayed a file proving he stole its tech secrets. The ...
1 year ago Bbc.com

Cohesity partners with NVIDIA to harness the power of generative AI - Cohesity announced a collaboration with NVIDIA to help organizations safely unlock the power of generative AI and data using the recently announced NVIDIA NIM microservices and by integrating NVIDIA AI Enterprise into the Cohesity Gaia platform. ...
11 months ago Helpnetsecurity.com

Palo Alto Networks Prevents Data Loss at Enterprise Scale with NVIDIA - With NVIDIA accelerated computing and AI software, cybersecurity leaders like Palo Alto Networks can safeguard vast amounts of sensitive information with unprecedented speed and accuracy, ushering in a new era of AI-driven data protection. The ...
4 months ago Paloaltonetworks.com

NVIDIA Container Toolkit Vulnerability Let Attackers Execute Code - Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Researchers from Wiz Research noted that CVE-2025-23359 bypasses an earlier vulnerability, CVE-2024-0132, which was patched in ...
1 week ago Cybersecuritynews.com

CISA Updates Toolkit with Nine New Resources to Promote Public Safety Communications and Cyber Resiliency - The Cybersecurity and Infrastructure Security Agency collaborates with public safety, national security, and emergency preparedness communities to enhance seamless and secure communications to keep America safe, secure, and resilient. Any ...
9 months ago Cisa.gov

Vulnerability Recap 10/01/24: NVIDIA, Ivanti, Kia - “The vulnerability stems from inadequate validation of network data, allowing attackers to get the vulnerable system to install a malicious printer driver, and then send a print job to that driver triggering execution of the malicious code,” said ...
4 months ago Esecurityplanet.com

Nvidia To Build Network Of AI Chip Plants In Japan - Nvidia chief Jensen Huang says company to work with local companies to build network of AI chip plants in Japan. Nvidia is to collaborate with local companies to build a network of semiconductor manufacturing facilities in Japan to meet demand for ...
1 year ago Silicon.co.uk

CVE-2008-5144 - nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvidia-cg-toolkit-manifest temporary file. ...
16 years ago

Nvidia Targets Insider Threats with Digital Fingerprinting Technology - Nvidia recently announced a new technology to help detect and prevent insider threats. The tech, known as Digital Fingerprinting, is designed to detect unauthorized attempts to access sensitive data or systems within a company's network. The ...
2 years ago Csoonline.com

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
8 months ago Securityaffairs.com

Building Data Center Infrastructure for the AI Revolution  - This is part two of a multi-part blog series on AI. Part one, Why 2024 is the Year of AI for Networking, discussed Cisco's AI networking vision and strategy. This blog will focus on evolving data center network infrastructure for supporting AI/ML ...
11 months ago Feedpress.me

Nvidia Promises Japan AI Support Amidst Heavy Demand - Nvidia chief executive Jensen Huang says company will try to prioritise Japan AI requirements amidst heavy worldwide demand. Nvidia chief executive Jensen Huang said the company would do its best to prioritise Japan for artificial intelligence chips ...
1 year ago Silicon.co.uk

Fedora Linux Kernel Vulnerability Let Attackers Gain Access to Sensitive Data - Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. When enabled in “integrity” mode, it blocks runtime kernel modifications, while “confidentiality” mode ...
1 day ago Cybersecuritynews.com

Warfare and Geopolitics are Fuelling Denial-of-Service Attacks - The analysis is based on 310 verified Denial-of-Service incidents during the reporting period of January 2022 to August 2023. A large-scale study is also included of publicly reported incidents. The study focuses on the motivations of attackers, ...
1 year ago Enisa.europa.eu

US offering $15m for info on ALPHV/Blackcat ransomware crew The Register - Infosec in brief The US government is offering bounties up to $15 million as a reward for anyone willing to help it take out the APLHV/Blackcat ransomware gang. ALPHV has made a habit of going after critical infrastructure targets, and last week ...
1 year ago Go.theregister.com

Strobes 2023 Pentesting Recap: Trends, Stats, and How PTaaS is Transforming Cybersecurity - This article covers some amazing statistics on what category of vulnerabilities we commonly report across 100s of customers, and how we reduce compliance times and turn around time to reporting critical vulnerabilities. In a different article, we ...
1 year ago Securityboulevard.com

Why CVEs Are an Incentives Problem - I've been thinking about some of these unintended consequences in the context of a growing problem faced by all of us in cybersecurity: how a fast-rising tide of software vulnerabilities tracked as common vulnerabilities and exposures - are reported ...
8 months ago Darkreading.com

What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
2 years ago Trendmicro.com

Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting - On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting via Shortcode vulnerabilities in WordPress repository plugins. We found over 100 vulnerabilities across 100 plugins which affect ...
1 year ago Wordfence.com

US House 'Asks Intel, Nvidia, Micron CEOs' To Testify On China - US House of Representatives China committee asks chief executives of Intel, Nvidia, Micron to testify as international tensions mount. The chief executives of Intel, Nvidia and Micron have been asked to testify before the US House of Representatives' ...
1 year ago Silicon.co.uk

Five AI topics to discuss with your CEO - At Cisco Live EMEA in Amsterdam in early February, you couldn't swing an Ethernet cable without hitting someone who was talking about it. Even though AI comes with especially useful applications and some very practical downsides, it's important to ...
11 months ago Feedpress.me

Creating a formula for effective vulnerability prioritization - In this Help Net Security interview, Michael Gorelik, CTO and Head of Malware Research at Morphisec, provides insights into the business impact of vulnerabilities. Gorelik discusses challenges posed by regulatory frameworks, incomplete asset ...
1 year ago Helpnetsecurity.com

CVE-2020-7205 - A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. The vulnerability could be locally exploited to allow arbitrary code execution during the boot process. ...
3 years ago

ShadowRay Vulnerability: 6 Lessons for AI & Cybersecurity - This exposure is under active attack, yet Ray disputes that the exposure is a vulnerability and doesn't intend to fix it. The dispute between Ray's developers and security researchers highlights hidden assumptions and teaches lessons for AI security, ...
10 months ago Esecurityplanet.com

Latest Cyber News

Black Basta is latest ransomware group to be hit by leak of chat logs | The Record from Recorded Future News - 1 hour ago
CISA Releases 7 ICS Advisories Detailing Vulnerabilities & Exploits - 7 hours ago
Pegasus Spyware Used Widely to Target Individuals in Private Industry & Finance Sectors - 7 hours ago
SPAWNCHIMERA Malware Exploiting Ivanti Buffer Overflow Vulnerability By Applying A Fix - Cyber Security News - 8 hours ago
Chinese Hackers Using New Bookworm Malware In Attacks Targeting Southeast Asia - 8 hours ago
Google Released PoC Exploit for Palo Alto Firewall Command Injection Vulnerability - 11 hours ago
New Active Directory Pentesting Tool For KeyCredentialLink Management - 11 hours ago
Windows Wi-Fi Password Stealer Malware Found Hosted on GitHub - 13 hours ago
China-linked hackers target European healthcare orgs in suspected espionage campaign | The Record from Recorded Future News - 13 hours ago
CVE-2025-27097 - 17 hours ago
CVE-2025-27098 - 17 hours ago
Apiiro unveils free scanner to detect malicious code merges - 17 hours ago
Black Basta ransomware gang's internal chat logs leak online - 18 hours ago
CVE-2025-0352 - 18 hours ago
CVE-2025-1265 - 18 hours ago
CVE-2025-24893 - 18 hours ago
CVE-2025-25299 - 18 hours ago
Ivanti Endpoint Manager Vulnerabilities Proof-of-Concept (PoC) Exploit Released - 18 hours ago
New NailaoLocker Ransomware Attacking European Healthcare - 18 hours ago
Beware of North Korean Job Interview Process Delivers Malware Via Fake Chrome Update - 19 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

Black Basta is latest ransomware group to be hit by leak of chat logs | The Record from Recorded Future News - 1 hour ago
CISA Releases 7 ICS Advisories Detailing Vulnerabilities & Exploits - 7 hours ago
Pegasus Spyware Used Widely to Target Individuals in Private Industry & Finance Sectors - 7 hours ago
SPAWNCHIMERA Malware Exploiting Ivanti Buffer Overflow Vulnerability By Applying A Fix - Cyber Security News - 8 hours ago
Chinese Hackers Using New Bookworm Malware In Attacks Targeting Southeast Asia - 8 hours ago
Google Released PoC Exploit for Palo Alto Firewall Command Injection Vulnerability - 11 hours ago
New Active Directory Pentesting Tool For KeyCredentialLink Management - 11 hours ago
Windows Wi-Fi Password Stealer Malware Found Hosted on GitHub - 13 hours ago
China-linked hackers target European healthcare orgs in suspected espionage campaign | The Record from Recorded Future News - 13 hours ago
CVE-2025-1272 - 2 days ago
CVE-2025-27090 - 1 day ago
CVE-2023-51305 - 1 day ago
CVE-2024-10339 - 1 day ago
CVE-2024-37359 - 1 day ago
CVE-2024-37360 - 1 day ago
CVE-2024-5705 - 1 day ago
CVE-2024-5706 - 1 day ago
CVE-2025-21355 - 1 day ago
CVE-2025-24989 - 1 day ago
CVE-2025-25942 - 1 day ago