CVE-2023-25529
published 2023-09-20CVE-2023-25529: NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s…
high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nvidia | dgx_a100_bmc | — | — |
| nvidia | dgx_h100_bmc | — | — |
| nvidia | dgx_h100_firmware | < 23.08.18 | 23.08.18 |