CVE

CVE-2023-31029

9.3CRITICAL

Key Information

Vendor: Nvidia
Status: Dgx A100
Vendor: CVE Published:; 12 January 2024

Summary

NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

Affected Version(s)

DGX A100 = All BMC versions prior to 00.22.05

Refferences

https://nvidia.custhelp.com/app/answers/detail/a_id/5510

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 12, 2024
Vulnerability Reserved
Apr 22, 2023

Collectors

NVD DatabaseMitre Database