CVE

CVE-2023-31029

9.3CRITICAL

Key Information

Vendor: Nvidia
Status: Dgx A100
Vendor: CVE Published:; 12 January 2024

Summary

NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

Affected Version(s)

DGX A100 = All BMC versions prior to 00.22.05

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Risk change from: 9.8 to: 9.3 - (CRITICAL)
Oct 25, 2024
Vulnerability published.
Jan 12, 2024
Vulnerability Reserved.
Apr 22, 2023

Collectors

NVD DatabaseMitre Database