CVE‑2022‑21821: NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. Such an attack may lead to remote code execution that causes complete denial of service and an impact on data confidentiality and integrity. The fixed 11.6.2 is already in-tree.
Thank you for reporting!
Switching the alias to use ASCII dashes. >>> ord('-') 45 >>> ord('‑') 8209
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dfc02652708fa67b43f3db339eed75b16497429e commit dfc02652708fa67b43f3db339eed75b16497429e Author: David Seifert <soap@gentoo.org> AuthorDate: 2022-11-19 04:48:08 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2022-11-19 04:48:08 +0000 dev-util/nvidia-cuda-toolkit: drop 11.5.1-r1, 11.6.0, 11.6.1, 11.6.2, 11.7.0-r2 Closes: https://github.com/gentoo/gentoo/pull/28332 Bug: https://bugs.gentoo.org/836366 Signed-off-by: David Seifert <soap@gentoo.org> dev-util/nvidia-cuda-toolkit/Manifest | 5 - .../nvidia-cuda-toolkit-11.5.1-r1.ebuild | 260 -------------------- .../nvidia-cuda-toolkit-11.6.0.ebuild | 271 --------------------- .../nvidia-cuda-toolkit-11.6.1.ebuild | 271 --------------------- .../nvidia-cuda-toolkit-11.6.2.ebuild | 271 --------------------- .../nvidia-cuda-toolkit-11.7.0-r2.ebuild | 271 --------------------- 6 files changed, 1349 deletions(-)
No GLSA, all done!
