NVIDIA Nsight Systems OS Command Injection Vulnerability in .run Installer

A command injection vulnerability has been identified in the NVIDIA Nsight Systems .run installer for Linux. This issue allows an attacker to inject malicious strings into the installation path, potentially leading to unauthorized command execution. Exploitation of this vulnerability could result in privilege escalation, arbitrary code execution, data manipulation, denial of service, and unauthorized information access.

Impact

Successful exploitation allows for OS command injection, which could be exploited to execute arbitrary commands on the system with the same privileges as the user running the installer. This could lead to unauthorized access, data manipulation, and disruption of services.

Remediation

Users are advised to upgrade to the latest version of the NVIDIA CUDA Toolkit, which includes this vulnerability fix. The updated version can be downloaded from the NVIDIA CUDA Toolkit Downloads page.