DEBIAN-CVE-2025-23338

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-23338

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-23338.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-23338

Upstream

CVE-2025-23338

Published

2025-09-24T14:15:48Z

Modified

2026-03-17T02:51:27.663375Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where a user may cause an out-of-bounds write by running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service.

References

https://security-tracker.debian.org/tracker/CVE-2025-23338

Affected packages

Debian:11 / nvidia-cuda-toolkit

Package

Name: nvidia-cuda-toolkit
Purl: pkg:deb/debian/nvidia-cuda-toolkit?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1-1

3.2.16-1

3.2.16-2

4.*

4.0.13-1

4.0.17-1

4.0.17-2

4.0.17-3

4.1.21-1

4.1.28-1

4.1.28-2

4.2.9-1~bpo60+1

4.2.9-1~bpo60+2

4.2.9-1

4.2.9-2

5.*

5.0.24-1

5.0.35-1

5.0.35-2

5.0.35-3

5.0.35-4

5.0.35-5

5.0.35-6

5.0.35-7

5.0.35-8~bpo70+1

5.0.35-8

5.5.22-1

5.5.22-2

5.5.22-3

5.5.22-4

5.5.22-5

5.5.22-6~bpo70+1

5.5.22-6~bpo70+2

5.5.22-6

6.*

6.0.37-1

6.0.37-2

6.0.37-3

6.0.37-4

6.0.37-5

6.5.14-1

6.5.14-2

6.5.19-1

6.5.19-2

6.5.19-3~bpo8+1

6.5.19-3

7.*

7.0.28-1

7.0.28-2

7.0.28-3

7.0.28-4

7.5.18-1

7.5.18-2

7.5.18-3

7.5.18-4~bpo8+1

7.5.18-4

8.*

8.0.44-1

8.0.44-2

8.0.44-3

8.0.44-4

8.0.61-1

8.0.61-2

8.0.61-3

9.*

9.0.176-1

9.0.176-2

9.1.85-1

9.1.85-2

9.1.85-3

9.1.85-4~bpo9+1

9.1.85-4

9.1.85-5

9.1.85-6

9.1.85-7~bpo9+1

9.1.85-7

9.1.85-8~bpo9+1

9.1.85-8

9.2.88-1

9.2.148-1

9.2.148-2

9.2.148-3

9.2.148-4

9.2.148-5

9.2.148-6

9.2.148-7

10.*

10.0.130-1

10.0.130-2

10.0.130-3

10.1.105-1

10.1.105-2

10.1.105-3

10.1.168-1

10.1.168-2

10.1.168-3

10.1.168-4

10.1.168-5

10.1.168-6

10.1.168-7~bpo10+1

10.1.168-7

10.1.168-8

10.1.168-9

10.1.168-10

10.1.168-11

10.1.243-1

10.1.243-2

10.1.243-3

10.1.243-4

10.1.243-5

10.1.243-6~bpo10+1

10.1.243-6

10.1.243-7

10.1.243-8

10.2.89-1

10.2.89-2

10.2.89-3

10.2.89-4

10.2.89-5~bpo10+1

10.2.89-5

11.*

11.0.2-1

11.0.3-1

11.0.3-2

11.0.3-3

11.1.0-1

11.1.1-1

11.1.1-2

11.1.1-3~bpo10+1

11.1.1-3

11.1.1-4

11.2.0-1

11.2.0-2~bpo10+1

11.2.0-2

11.2.1-1

11.2.1-2~bpo10+1

11.2.1-2

11.2.2-1

11.2.2-2~bpo10+1

11.2.2-2

11.2.2-3

11.2.2-3+deb11u1~bpo10+1

11.2.2-3+deb11u1

11.2.2-3+deb11u2

11.2.2-3+deb11u3~bpo10+1

11.2.2-3+deb11u3

11.3.0-1

11.3.1-1

11.3.1-2

11.3.1-3

11.3.1-4

11.3.1-5

11.4.0-1

11.4.1-1

11.4.1-2

11.4.2-1

11.4.3-1

11.4.3-2

11.4.3-3

11.4.3-4

11.4.3-5

11.5.0-1

11.5.1-1

11.5.1-2

11.5.2-1

11.5.2-2

11.5.2-3

11.5.2-4

11.6.0-1

11.6.1-1

11.6.2-1

11.6.2-2

11.6.2-3

11.6.2-4

11.6.2-5

11.6.2-6

11.7.0-1

11.7.0-2

11.7.1-1

11.7.1-2

11.7.1-3

11.7.1-4

11.7.1-5

11.8.0-1

11.8.0-2

11.8.0-3

11.8.0-4

11.8.0-5~deb12u1

11.8.0-5

12.*

12.0.0-1

12.0.0-2

12.0.1-1

12.0.1-2

12.0.1-3

12.0.1-4

12.0.1-5

12.0.1-6

12.1.0-1

12.1.0-2

12.1.1-1

12.1.1-2

12.1.1-3

12.1.1-4

12.2.0-1

12.2.0-2

12.2.0-3

12.2.1-1

12.2.1-2

12.2.1-3

12.2.2-1

12.2.2-2

12.3.0-1

12.3.1-1

12.3.2-1

12.4.0-1

12.4.0-2

12.4.1-1

12.4.1-2

12.4.1-3

12.4.1-4

12.4.1-5

12.4.1-6

12.4.1-7

12.4.1-8

12.5.0-1

12.5.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-23338.json"

Debian:12 / nvidia-cuda-toolkit

Package

Name: nvidia-cuda-toolkit
Purl: pkg:deb/debian/nvidia-cuda-toolkit?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1-1

3.2.16-1

3.2.16-2

4.*

4.0.13-1

4.0.17-1

4.0.17-2

4.0.17-3

4.1.21-1

4.1.28-1

4.1.28-2

4.2.9-1~bpo60+1

4.2.9-1~bpo60+2

4.2.9-1

4.2.9-2

5.*

5.0.24-1

5.0.35-1

5.0.35-2

5.0.35-3

5.0.35-4

5.0.35-5

5.0.35-6

5.0.35-7

5.0.35-8~bpo70+1

5.0.35-8

5.5.22-1

5.5.22-2

5.5.22-3

5.5.22-4

5.5.22-5

5.5.22-6~bpo70+1

5.5.22-6~bpo70+2

5.5.22-6

6.*

6.0.37-1

6.0.37-2

6.0.37-3

6.0.37-4

6.0.37-5

6.5.14-1

6.5.14-2

6.5.19-1

6.5.19-2

6.5.19-3~bpo8+1

6.5.19-3

7.*

7.0.28-1

7.0.28-2

7.0.28-3

7.0.28-4

7.5.18-1

7.5.18-2

7.5.18-3

7.5.18-4~bpo8+1

7.5.18-4

8.*

8.0.44-1

8.0.44-2

8.0.44-3

8.0.44-4

8.0.61-1

8.0.61-2

8.0.61-3

9.*

9.0.176-1

9.0.176-2

9.1.85-1

9.1.85-2

9.1.85-3

9.1.85-4~bpo9+1

9.1.85-4

9.1.85-5

9.1.85-6

9.1.85-7~bpo9+1

9.1.85-7

9.1.85-8~bpo9+1

9.1.85-8

9.2.88-1

9.2.148-1

9.2.148-2

9.2.148-3

9.2.148-4

9.2.148-5

9.2.148-6

9.2.148-7

10.*

10.0.130-1

10.0.130-2

10.0.130-3

10.1.105-1

10.1.105-2

10.1.105-3

10.1.168-1

10.1.168-2

10.1.168-3

10.1.168-4

10.1.168-5

10.1.168-6

10.1.168-7~bpo10+1

10.1.168-7

10.1.168-8

10.1.168-9

10.1.168-10

10.1.168-11

10.1.243-1

10.1.243-2

10.1.243-3

10.1.243-4

10.1.243-5

10.1.243-6~bpo10+1

10.1.243-6

10.1.243-7

10.1.243-8

10.2.89-1

10.2.89-2

10.2.89-3

10.2.89-4

10.2.89-5~bpo10+1

10.2.89-5

11.*

11.0.2-1

11.0.3-1

11.0.3-2

11.0.3-3

11.1.0-1

11.1.1-1

11.1.1-2

11.1.1-3~bpo10+1

11.1.1-3

11.1.1-4

11.2.0-1

11.2.0-2~bpo10+1

11.2.0-2

11.2.1-1

11.2.1-2~bpo10+1

11.2.1-2

11.2.2-1

11.2.2-2~bpo10+1

11.2.2-2

11.2.2-3

11.3.0-1

11.3.1-1

11.3.1-2

11.3.1-3

11.3.1-4

11.3.1-5

11.4.0-1

11.4.1-1

11.4.1-2

11.4.2-1

11.4.3-1

11.4.3-2

11.4.3-3

11.4.3-4

11.4.3-5

11.5.0-1

11.5.1-1

11.5.1-2

11.5.2-1

11.5.2-2

11.5.2-3

11.5.2-4

11.6.0-1

11.6.1-1

11.6.2-1

11.6.2-2

11.6.2-3

11.6.2-4

11.6.2-5

11.6.2-6

11.7.0-1

11.7.0-2

11.7.1-1

11.7.1-2

11.7.1-3

11.7.1-4

11.7.1-5

11.8.0-1

11.8.0-2

11.8.0-3

11.8.0-4

11.8.0-5~deb12u1

11.8.0-5

12.*

12.0.0-1

12.0.0-2

12.0.1-1

12.0.1-2

12.0.1-3

12.0.1-4

12.0.1-5

12.0.1-6

12.1.0-1

12.1.0-2

12.1.1-1

12.1.1-2

12.1.1-3

12.1.1-4

12.2.0-1

12.2.0-2

12.2.0-3

12.2.1-1

12.2.1-2

12.2.1-3

12.2.2-1

12.2.2-2

12.3.0-1

12.3.1-1

12.3.2-1

12.4.0-1

12.4.0-2

12.4.1-1

12.4.1-2

12.4.1-3

12.4.1-4

12.4.1-5

12.4.1-6

12.4.1-7

12.4.1-8

12.5.0-1

12.5.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-23338.json"

Debian:13 / nvidia-cuda-toolkit

Package

Name: nvidia-cuda-toolkit
Purl: pkg:deb/debian/nvidia-cuda-toolkit?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1-1

3.2.16-1

3.2.16-2

4.*

4.0.13-1

4.0.17-1

4.0.17-2

4.0.17-3

4.1.21-1

4.1.28-1

4.1.28-2

4.2.9-1~bpo60+1

4.2.9-1~bpo60+2

4.2.9-1

4.2.9-2

5.*

5.0.24-1

5.0.35-1

5.0.35-2

5.0.35-3

5.0.35-4

5.0.35-5

5.0.35-6

5.0.35-7

5.0.35-8~bpo70+1

5.0.35-8

5.5.22-1

5.5.22-2

5.5.22-3

5.5.22-4

5.5.22-5

5.5.22-6~bpo70+1

5.5.22-6~bpo70+2

5.5.22-6

6.*

6.0.37-1

6.0.37-2

6.0.37-3

6.0.37-4

6.0.37-5

6.5.14-1

6.5.14-2

6.5.19-1

6.5.19-2

6.5.19-3~bpo8+1

6.5.19-3

7.*

7.0.28-1

7.0.28-2

7.0.28-3

7.0.28-4

7.5.18-1

7.5.18-2

7.5.18-3

7.5.18-4~bpo8+1

7.5.18-4

8.*

8.0.44-1

8.0.44-2

8.0.44-3

8.0.44-4

8.0.61-1

8.0.61-2

8.0.61-3

9.*

9.0.176-1

9.0.176-2

9.1.85-1

9.1.85-2

9.1.85-3

9.1.85-4~bpo9+1

9.1.85-4

9.1.85-5

9.1.85-6

9.1.85-7~bpo9+1

9.1.85-7

9.1.85-8~bpo9+1

9.1.85-8

9.2.88-1

9.2.148-1

9.2.148-2

9.2.148-3

9.2.148-4

9.2.148-5

9.2.148-6

9.2.148-7

10.*

10.0.130-1

10.0.130-2

10.0.130-3

10.1.105-1

10.1.105-2

10.1.105-3

10.1.168-1

10.1.168-2

10.1.168-3

10.1.168-4

10.1.168-5

10.1.168-6

10.1.168-7~bpo10+1

10.1.168-7

10.1.168-8

10.1.168-9

10.1.168-10

10.1.168-11

10.1.243-1

10.1.243-2

10.1.243-3

10.1.243-4

10.1.243-5

10.1.243-6~bpo10+1

10.1.243-6

10.1.243-7

10.1.243-8

10.2.89-1

10.2.89-2

10.2.89-3

10.2.89-4

10.2.89-5~bpo10+1

10.2.89-5

11.*

11.0.2-1

11.0.3-1

11.0.3-2

11.0.3-3

11.1.0-1

11.1.1-1

11.1.1-2

11.1.1-3~bpo10+1

11.1.1-3

11.1.1-4

11.2.0-1

11.2.0-2~bpo10+1

11.2.0-2

11.2.1-1

11.2.1-2~bpo10+1

11.2.1-2

11.2.2-1

11.2.2-2~bpo10+1

11.2.2-2

11.2.2-3

11.3.0-1

11.3.1-1

11.3.1-2

11.3.1-3

11.3.1-4

11.3.1-5

11.4.0-1

11.4.1-1

11.4.1-2

11.4.2-1

11.4.3-1

11.4.3-2

11.4.3-3

11.4.3-4

11.4.3-5

11.5.0-1

11.5.1-1

11.5.1-2

11.5.2-1

11.5.2-2

11.5.2-3

11.5.2-4

11.6.0-1

11.6.1-1

11.6.2-1

11.6.2-2

11.6.2-3

11.6.2-4

11.6.2-5

11.6.2-6

11.7.0-1

11.7.0-2

11.7.1-1

11.7.1-2

11.7.1-3

11.7.1-4

11.7.1-5

11.8.0-1

11.8.0-2

11.8.0-3

11.8.0-4

11.8.0-5~deb12u1

11.8.0-5

12.*

12.0.0-1

12.0.0-2

12.0.1-1

12.0.1-2

12.0.1-3

12.0.1-4

12.0.1-5

12.0.1-6

12.1.0-1

12.1.0-2

12.1.1-1

12.1.1-2

12.1.1-3

12.1.1-4

12.2.0-1

12.2.0-2

12.2.0-3

12.2.1-1

12.2.1-2

12.2.1-3

12.2.2-1

12.2.2-2

12.3.0-1

12.3.1-1

12.3.2-1

12.4.0-1

12.4.0-2

12.4.1-1

12.4.1-2

12.4.1-3

12.4.1-4

12.4.1-5

12.4.1-6

12.4.1-7

12.4.1-8

12.5.0-1

12.5.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-23338.json"

Debian:14 / nvidia-cuda-toolkit

Package

Name: nvidia-cuda-toolkit
Purl: pkg:deb/debian/nvidia-cuda-toolkit?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1-1

3.2.16-1

3.2.16-2

4.*

4.0.13-1

4.0.17-1

4.0.17-2

4.0.17-3

4.1.21-1

4.1.28-1

4.1.28-2

4.2.9-1~bpo60+1

4.2.9-1~bpo60+2

4.2.9-1

4.2.9-2

5.*

5.0.24-1

5.0.35-1

5.0.35-2

5.0.35-3

5.0.35-4

5.0.35-5

5.0.35-6

5.0.35-7

5.0.35-8~bpo70+1

5.0.35-8

5.5.22-1

5.5.22-2

5.5.22-3

5.5.22-4

5.5.22-5

5.5.22-6~bpo70+1

5.5.22-6~bpo70+2

5.5.22-6

6.*

6.0.37-1

6.0.37-2

6.0.37-3

6.0.37-4

6.0.37-5

6.5.14-1

6.5.14-2

6.5.19-1

6.5.19-2

6.5.19-3~bpo8+1

6.5.19-3

7.*

7.0.28-1

7.0.28-2

7.0.28-3

7.0.28-4

7.5.18-1

7.5.18-2

7.5.18-3

7.5.18-4~bpo8+1

7.5.18-4

8.*

8.0.44-1

8.0.44-2

8.0.44-3

8.0.44-4

8.0.61-1

8.0.61-2

8.0.61-3

9.*

9.0.176-1

9.0.176-2

9.1.85-1

9.1.85-2

9.1.85-3

9.1.85-4~bpo9+1

9.1.85-4

9.1.85-5

9.1.85-6

9.1.85-7~bpo9+1

9.1.85-7

9.1.85-8~bpo9+1

9.1.85-8

9.2.88-1

9.2.148-1

9.2.148-2

9.2.148-3

9.2.148-4

9.2.148-5

9.2.148-6

9.2.148-7

10.*

10.0.130-1

10.0.130-2

10.0.130-3

10.1.105-1

10.1.105-2

10.1.105-3

10.1.168-1

10.1.168-2

10.1.168-3

10.1.168-4

10.1.168-5

10.1.168-6

10.1.168-7~bpo10+1

10.1.168-7

10.1.168-8

10.1.168-9

10.1.168-10

10.1.168-11

10.1.243-1

10.1.243-2

10.1.243-3

10.1.243-4

10.1.243-5

10.1.243-6~bpo10+1

10.1.243-6

10.1.243-7

10.1.243-8

10.2.89-1

10.2.89-2

10.2.89-3

10.2.89-4

10.2.89-5~bpo10+1

10.2.89-5

11.*

11.0.2-1

11.0.3-1

11.0.3-2

11.0.3-3

11.1.0-1

11.1.1-1

11.1.1-2

11.1.1-3~bpo10+1

11.1.1-3

11.1.1-4

11.2.0-1

11.2.0-2~bpo10+1

11.2.0-2

11.2.1-1

11.2.1-2~bpo10+1

11.2.1-2

11.2.2-1

11.2.2-2~bpo10+1

11.2.2-2

11.2.2-3

11.3.0-1

11.3.1-1

11.3.1-2

11.3.1-3

11.3.1-4

11.3.1-5

11.4.0-1

11.4.1-1

11.4.1-2

11.4.2-1

11.4.3-1

11.4.3-2

11.4.3-3

11.4.3-4

11.4.3-5

11.5.0-1

11.5.1-1

11.5.1-2

11.5.2-1

11.5.2-2

11.5.2-3

11.5.2-4

11.6.0-1

11.6.1-1

11.6.2-1

11.6.2-2

11.6.2-3

11.6.2-4

11.6.2-5

11.6.2-6

11.7.0-1

11.7.0-2

11.7.1-1

11.7.1-2

11.7.1-3

11.7.1-4

11.7.1-5

11.8.0-1

11.8.0-2

11.8.0-3

11.8.0-4

11.8.0-5~deb12u1

11.8.0-5

12.*

12.0.0-1

12.0.0-2

12.0.1-1

12.0.1-2

12.0.1-3

12.0.1-4

12.0.1-5

12.0.1-6

12.1.0-1

12.1.0-2

12.1.1-1

12.1.1-2

12.1.1-3

12.1.1-4

12.2.0-1

12.2.0-2

12.2.0-3

12.2.1-1

12.2.1-2

12.2.1-3

12.2.2-1

12.2.2-2

12.3.0-1

12.3.1-1

12.3.2-1

12.4.0-1

12.4.0-2

12.4.1-1

12.4.1-2

12.4.1-3

12.4.1-4

12.4.1-5

12.4.1-6

12.4.1-7

12.4.1-8

12.5.0-1

12.5.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-23338.json"