CVE-2023-31037: Code Injection
First published: Wed Jan 24 2024(Updated: )
NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS.
Credit: psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Any of | ||
| Nvidia Bluefield Bmc | =2.8.2-46 | |
| Nvidia Bluefield Bmc | =23.04 | |
| Nvidia Bluefield Bmc | =23.07 | |
| Nvidia Bluefield Bmc | =23.09 | |
| Any of | ||
| Nvidia Bluefield 2 Ga | ||
| Nvidia Bluefield 2 Lts | ||
| Nvidia Bluefield 3 Ga |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/severity
- agent/event
- agent/weakness
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/nvidia
- canonical/nvidia bluefield bmc
- version/nvidia bluefield bmc/2.8.2-46
- version/nvidia bluefield bmc/23.04
- version/nvidia bluefield bmc/23.07
- version/nvidia bluefield bmc/23.09
- canonical/nvidia bluefield 2 ga
- canonical/nvidia bluefield 2 lts
- canonical/nvidia bluefield 3 ga