CVE-2023-25527

CWE-119Buffer Overflow3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 80.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia DGX H100 FirmwareNvidia DGX H100 BMC
Timeline
PublishedSep 20

Description

NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDnvidia/dgx_h100_firmware< 23.08.18
CVEListV5nvidia/dgx_h100_bmcAll versions prior to 23.08.07

🔴Vulnerability Details

2
GHSA
GHSA-4g2v-p7fm-xrqm: NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory2023-09-20
CVEList
CVE-2023-25527: NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory2023-09-20
CVE-2023-25527 (HIGH CVSS 7.8) | NVIDIA DGX H100 BMC contains a vuln | cvebase.io