Lucene search

NvidiaNVIDIA:5480

HistorySep 06, 2023 - 12:00 a.m.

Security Bulletin: NVIDIA Cumulus Linux - September 2023

2023-09-0600:00:00

nvidia.custhelp.com

nvidia

cumulus linux

security update

information disclosure

denial of service

cve-2023-25525

cve-2023-25526

software update

marc dovero

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

49.1%

JSON

NVIDIA has released a software update for NVIDIA Cumulus Linux. This update addresses security issues that may lead to information disclosure and denial of service. To protect your system, download and install the latest version of NVIDIA Cumulus Linux from the NVIDIA Enterprise Support Portal.

Go to NVIDIA Product Security.

CVE IDs Addressed	Affected Product	Operating System	Affected Versions	Updated Version

CVE-2023-25525

Cumulus Linux

All versions prior to 5.6.0

5.6.0

CVE-2023-25526

Cumulus Linux

| All versions prior to 5.5.0 | 5.5.0

Notes

Earlier software branch releases that support this product are also affected. If you are using an earlier branch release, upgrade to the latest branch release.

Acknowledgements

NVIDIA thanks the following finders:

CVE-2023-25525, CVE-2023-25526: Marc Dovero

****

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

49.1%

JSON

Related for NVIDIA:5480