Critical bugs patched in Nvidia AI kit

4 months ago AndyC

Nvidia has issued fixes for 11 firmware vulnerabilities, the most serious of which are rated crucial.

Critical bugs patched in Nvidia AI kit

Nvidia has issued fixes for 11 firmware vulnerabilities, the most serious of which are rated crucial.




Critical bugs patched in Nvidia AI kit










The three critical bugs in its advisory are CVE-2023-31029 (CVSS score 9.3), CVE-2023-31030 (CVSS score 9.3), and CVE-2023-31024 (CVSS score 9.0).

All three are bugs in the keyboard, video and mouse (KVM) daemon in Nvidia’s baseboard management controller (BMC) of the company’s DGX A100, a five petaFLOPS AI system based on its A100 Tensor core.

In all three, the advisory stated, “an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet.”

An exploit could lead to “arbitrary code execution, denial of service, information disclosure, and data tampering.”

The BMC in the company’s DGX H100 and DGX A100 are also subject to CVE-2023-25529 and CVE-2023-25530 (both CVSS 8.0), both in the KVM service. 

CVE-2023-25529 is a potential leak of a user’s session token, while CVE-2023-25530 is an input validation bug.

The BMC bugs are present in all versions prior to 00.22.05.

Fixes have also been issued for lower-rated vulnerabilities in DGX A100 SBIOS versions prior to 1.25.



About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

Telstra to push back 3G switch-off

Telstra to push back 3G switch-off

2 hours ago AndyC
Nick Ellsmore to Lead Mantel Group’s Cybersecurity Capabilities

Nick Ellsmore to Lead Mantel Group’s Cybersecurity Capabilities

5 hours ago AndyC
NBN Co CEO Stephen Rue to lead Optus

NBN Co CEO Stephen Rue to lead Optus

5 hours ago AndyC
Rapid detection and response are the foundation of an effective cloud security strategy

Rapid detection and response are the foundation of an effective cloud security strategy

5 hours ago AndyC
Why e-commerce security is a balancing act between speed and protection

Why e-commerce security is a balancing act between speed and protection

5 hours ago AndyC
How the evolution of AI will reshape cybersecurity

How the evolution of AI will reshape cybersecurity

5 hours ago AndyC

You may have missed

Telstra to push back 3G switch-off

Telstra to push back 3G switch-off

2 hours ago AndyC
Nick Ellsmore to Lead Mantel Group’s Cybersecurity Capabilities

Nick Ellsmore to Lead Mantel Group’s Cybersecurity Capabilities

5 hours ago AndyC
NBN Co CEO Stephen Rue to lead Optus

NBN Co CEO Stephen Rue to lead Optus

5 hours ago AndyC
Rapid detection and response are the foundation of an effective cloud security strategy

Rapid detection and response are the foundation of an effective cloud security strategy

5 hours ago AndyC
Why e-commerce security is a balancing act between speed and protection

Why e-commerce security is a balancing act between speed and protection

5 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.