CVE-2020-5991

NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvidiaCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
nvidiacuda_toolkit
𝑥
< 11.1.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nvidia-cuda-toolkit
bullseye/non-free
11.2.2-3+deb11u3
fixed
buster
ignored
bookworm/non-free
11.8.0-5~deb12u1
fixed
trixie/non-free
12.2.0-3
fixed
sid/non-free
12.2.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nvidia-cuda-toolkit
noble
needs-triage
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needs-triage
impish
ignored
hirsute
ignored
groovy
ignored
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
dne
Common Weakness Enumeration
References
https://nvidia.custhelp.com/app/answers/detail/a_id/5094
https://nvidia.custhelp.com/app/answers/detail/a_id/5094