Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvidiaNvidiaNVIDIA:5546
HistoryMay 29, 2024 - 12:00 a.m.

Security Bulletin: Triton Inference Server - May 2024

2024-05-2900:00:00
nvidia.custhelp.com
8
nvidia
triton inference server
security update
vulnerability
software
cve-2024-0103
cve-2024-0095
linux
windows
information disclosure
code execution
denial of service
data tampering

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H

8 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the Triton Inference Server Releases page on GitHub, and view the Secure Deployment Considerations Guide.

Go to NVIDIA Product Security.

Details

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. The description uses CWE™, and the base score and vector use CVSS v3.1 standards.

CVE ID Description Vector Base Score Severity CWE Impacts
CVE-2024-0103 NVIDIA Triton Inference Server for Linux contains a vulnerability where a user may cause an incorrect Initialization of resource by network issue. A successful exploit of this vulnerability may lead to information disclosure. AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 5.4 Medium CWE-1419 Information disclosure
CVE-2024-0095 NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H 4.3 Medium CWE-117 Data tampering

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.

Security Updates

The following tables list the NVIDIA systems affected, firmware versions affected, and the updated version that includes this security update.

CVE IDs Addressed Affected Products Platform or OS Affected Versions Updated Version
CVE-2024-0095 NVIDIA Triton Inference Server Linux, Windows 20.10 to 24.04 24.05
CVE-2024-0103 NVIDIA Triton Inference Server Linux, Windows 23.10 to 24.04 24.05

Notes

  • Users deploying NVIDIA Triton Inference Server in production settings should follow the Secure Deployment Considerations Guide and ensure that logging and shared memory APIs are protected for use by authorized users.

Related

cvelist 2
cve 2
nvd 2
vulnrichment 2
cvelist
cvelist
CVE-2024-0095 CVE
2024-06-13 21:16:51
CVE-2024-0103 CVE
2024-06-13 21:16:51
cve
cve
CVE-2024-0095
2024-06-13 22:15:13
CVE-2024-0103
2024-06-13 22:15:13
nvd
nvd
CVE-2024-0103
2024-06-13 22:15:13
CVE-2024-0095
2024-06-13 22:15:13
vulnrichment
vulnrichment
CVE-2024-0103 CVE
2024-06-13 21:16:51
CVE-2024-0095 CVE
2024-06-13 21:16:51

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H

8 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for NVIDIA:5546
cvelist2cve2nvd2vulnrichment2