What is the vulnerability ID for this NVIDIA DGX H100 BMC vulnerability?

The vulnerability ID for this NVIDIA DGX H100 BMC vulnerability is CVE-2023-25529.

What is the severity level of CVE-2023-25529?

The severity level of CVE-2023-25529 is high.

How does this vulnerability in the host KVM daemon impact NVIDIA DGX H100 BMC?

This vulnerability in the host KVM daemon may lead to information disclosure and escalation of privileges on NVIDIA DGX H100 BMC.

What software version of NVIDIA DGX H100 BMC is affected by CVE-2023-25529?

The NVIDIA DGX H100 BMC firmware version up to exclusive 23.08.18 is affected by CVE-2023-25529.

How can I fix the vulnerability in NVIDIA DGX H100 BMC?

To fix the vulnerability in NVIDIA DGX H100 BMC, it is recommended to update the firmware to a version beyond 23.08.18.

Vulnerability/
CVE-2023-25529

high

8.1

CWE

203 208

20/9/2023

2/8/2024

CVE-2023-25529

First published: Wed Sep 20 2023(Updated: )

NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.

Credit: psirt@nvidia.com psirt@nvidia.com

Affected Software	Affected Version	How to fix
Nvidia Dgx H100 Firmware	<23.08.18
NVIDIA DGX H100
All of
Nvidia Dgx H100 Firmware	<23.08.18
NVIDIA DGX H100

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this NVIDIA DGX H100 BMC vulnerability?
The vulnerability ID for this NVIDIA DGX H100 BMC vulnerability is CVE-2023-25529.
What is the severity level of CVE-2023-25529?
The severity level of CVE-2023-25529 is high.
How does this vulnerability in the host KVM daemon impact NVIDIA DGX H100 BMC?
This vulnerability in the host KVM daemon may lead to information disclosure and escalation of privileges on NVIDIA DGX H100 BMC.
What software version of NVIDIA DGX H100 BMC is affected by CVE-2023-25529?
The NVIDIA DGX H100 BMC firmware version up to exclusive 23.08.18 is affected by CVE-2023-25529.
How can I fix the vulnerability in NVIDIA DGX H100 BMC?
To fix the vulnerability in NVIDIA DGX H100 BMC, it is recommended to update the firmware to a version beyond 23.08.18.

collector/nvd-index
agent/weakness
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/last-modified-date
agent/tags
agent/description
agent/first-publish-date
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/nvidia
canonical/nvidia dgx h100 firmware
canonical/nvidia dgx h100

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.