Information Disclosure Vulnerability in NVIDIA DGX H100 BMC
CVE-2023-25529

8.1HIGH

Key Information:

Vendor: NVIDIA
Status: DGX H100 BMC; DGX A100 BMC
Vendor: CVE Published:; 20 September 2023

What is CVE-2023-25529?

The NVIDIA DGX H100 BMC features a vulnerability within the host KVM daemon, which allows an unauthenticated attacker to potentially exploit timing discrepancies in server responses to access another user's session token. This could lead to unauthorized information disclosure, escalation of privileges, and possible data tampering, compromising the security and integrity of users’ sessions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DGX A100 BMC All BMC versions prior to 00.22.05

DGX H100 BMC All versions prior to 23.08.07

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5473

https://nvidia.custhelp.com/app/answers/detail/a_id/5510

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 20, 2023
Vulnerability Reserved
Feb 7, 2023

JSON

NVIDIA

What is CVE-2023-25529?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.