CVE‑2024-0072 and CVE-2024-0076: Supercomputer and AI development Interlude (4th Apr 2024)

Preface: A CUDA binary (also referred to as cubin) file is an ELF-formatted file which consists of CUDA executable code sections as well as other sections containing symbols, relocators, debug info, etc. By default, the CUDA compiler driver nvcc embeds cubin files into the host executable file.

Background: To dump cuda elf sections in human readable format from a cubin file, use the following command: cuobjdump -elf <cubin file>

nvdisasm extracts information from standalone cubin files and presents them in human readable format. The output of nvdisasm includes CUDA assembly code for each kernel, listing of ELF data sections and other CUDA specific sections.

–base-address <value>


Desc: Specify the logical base address of the image to disassemble. This option is only valid when disassembling a raw instruction binary (see option –binary), and is ignored when disassembling an Elf file. Default value: 0.

Vulnerability details: CVE‑2024‑0072 and CVE-2024-0076: NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.

Official announcement: Please refer to the link for details –

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.