Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvidiaNvidiaNVIDIA:5453
HistoryMar 31, 2023 - 12:00 a.m.

Security Bulletin: NVIDIA DCGM - March 2023

2023-03-3100:00:00
nvidia.custhelp.com
18
nvidia
dcgm
security update
denial of service
data tampering
linux
cve‑2023‑0208
heap-based buffer overflow
mitigation

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

NVIDIA has released a software update for NVIDIA® Data Center GPU Manager (DCGM). The update addresses security issues that may lead to denial of service and data tampering. To protect your system, download and install the latest DCGM release from the CUDA repositories.

Go to NVIDIA Product Security.

Details

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.

CVE ID Description Base Score Vector
CVE‑2023‑0208 NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and data tampering. 8.4 AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.

Security Updates

The following table lists the NVIDIA software products affected, versions affected, and the updated version that includes this security update.

CVE IDs Addressed Software Product Operating System Affected Versions Updated Version
CVE‑2023‑0208 DCGM Linux All versions prior to 3.1.7 3.1.7

Notes

  • Earlier software branch releases that support this product are also affected. If you are using an earlier branch release, upgrade to the latest branch release.

Mitigations

See Security Updates for the version to install.

CPENameOperatorVersion
dcgmlt3.1.7

Related

cvelist 1
prion 1
osv 1
nvd 1
cve 1
cvelist
cvelist
CVE-2023-0208
2023-04-01 03:23:19
prion
prion
Heap overflow
2023-04-01 04:15:00
osv
osv
CVE-2023-0208
2023-04-01 04:15:08
nvd
nvd
CVE-2023-0208
2023-04-01 04:15:08
cve
cve
CVE-2023-0208
2023-04-01 04:15:08

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for NVIDIA:5453
cvelist1prion1osv1nvd1cve1