Lucene search

NvidiaCVELIST:CVE-2023-25529

HistorySep 20, 2023 - 12:08 a.m.

CVE-2023-25529

2023-09-2000:08:17

CWE-208

nvidia

www.cve.org

nvidia

dgx h100

dgx a100

host

kvm daemon

unauthenticated attacker

session token

timing discrepancies

information disclosure

escalation of privileges

data tampering

vulnerability

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

54.8%

JSON

NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "DGX H100 BMC",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to 23.08.07"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "DGX A100 BMC",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All BMC versions prior to 00.22.05"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5473

nvidia.custhelp.com/app/answers/detail/a_id/5510

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

54.8%

JSON

Related for CVELIST:CVE-2023-25529