Security gaps: Nvidia CUDA Toolkit allows malicious code to pass through
Important security updates close several vulnerabilities in Nvidia CUDA Toolkit.
Nvidia's CUDA programming interface has security vulnerabilities that, among other things, allow attackers to get malicious code onto systems. Depending on the vulnerability, Linux and Windows are at risk. A patched version of the CUDA Toolkit provides a remedy.
Various Dangers
Specifically, Nsight Systems and Nsight Visual Studio on Linux and Windows are affected by the vulnerabilities (CVE-2025-33228 “high”, CVE-2025-33229 “high”, CVE-2025-33230 “high”, CVE-2025-33231 “medium”). Attackers can exploit the vulnerabilities, for example, with manipulated strings related to the installation path.
If an attack succeeds, attackers can, among other things, gain unauthorized access to data or even execute malicious code. The latter typically leads to a complete compromise of the computer.
Nvidia's warning message currently gives no indication of ongoing attacks. To protect systems, administrators should install CUDA Toolkit version 13.1, which contains the security patches. According to the warning message, all previous versions are vulnerable.
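To find hosts that still need the update, the following added example (not from Nvidia or from this article) classifies the release reported by `nvcc --version` against the patched version 13.1. It covers Linux only and assumes toolkits are on `PATH` or under `/usr/local/cuda*`; the function names are hypothetical, and it checks only the toolkit release, not separately installed Nsight packages.

```shell
#!/bin/sh
# Added example: report CUDA Toolkit installs older than the patched release.
FIXED_VERSION="13.1"   # patched version named in the article

# Read `nvcc --version` text on stdin, print the "major.minor" release.
cuda_release_from_nvcc() {
    sed -n 's/.*release \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Succeed if major.minor version $1 is older than $2 (numeric, so 13.10 > 13.2).
version_lt() {
    lt_a_major=${1%%.*}; lt_a_minor=${1#*.}
    lt_b_major=${2%%.*}; lt_b_minor=${2#*.}
    if [ "$lt_a_major" -ne "$lt_b_major" ]; then
        if [ "$lt_a_major" -lt "$lt_b_major" ]; then return 0; fi
        return 1
    fi
    if [ "$lt_a_minor" -lt "$lt_b_minor" ]; then return 0; fi
    return 1
}

# Read nvcc output on stdin, print "vulnerable X.Y", "patched X.Y" or "unknown".
classify_cuda() {
    cc_ver=$(cuda_release_from_nvcc)
    if [ -z "$cc_ver" ]; then echo "unknown"; return 0; fi
    if version_lt "$cc_ver" "$FIXED_VERSION"; then
        echo "vulnerable $cc_ver"
    else
        echo "patched $cc_ver"
    fi
}

# Check every nvcc found; side-by-side toolkits are each reported
# (a /usr/local/cuda symlink may list the same install twice).
audit_host() {
    ah_found=0
    for ah_nvcc in "$(command -v nvcc 2>/dev/null)" /usr/local/cuda*/bin/nvcc; do
        [ -n "$ah_nvcc" ] && [ -x "$ah_nvcc" ] || continue
        ah_found=1
        echo "$ah_nvcc: $("$ah_nvcc" --version 2>/dev/null | classify_cuda)"
    done
    if [ "$ah_found" -eq 0 ]; then echo "no nvcc found"; fi
    return 0
}

audit_host
```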
In the recent past, Nvidia has primarily supplied AI software with security updates.
(des)