Local Kernel Memory Corruption Vulnerability in NVIDIA DGX H100 BMC
CVE-2023-25527

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Dgx H100 Bmc
Vendor: CVE Published:; 20 September 2023

Summary

The NVIDIA DGX H100 BMC is susceptible to a local vulnerability through the host KVM daemon, allowing an authenticated attacker to manipulate kernel memory. Exploiting this weakness may result in the execution of arbitrary kernel code, potential denial of service, privilege escalation, and even unauthorized access to sensitive information, leading to data tampering.

Affected Version(s)

DGX H100 BMC All versions prior to 23.08.07

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5473

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 20, 2023
Vulnerability Reserved
Feb 7, 2023