Nvidia Dgx A100 vulnerabilities

CVE-2023-31029 [CRITICAL] CWE-121 CVE-2023-31029: NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemo NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampe

CVE-2023-31030 [CRITICAL] CWE-121 CVE-2023-31030: NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attack NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

CVE-2023-31024 [CRITICAL] CWE-121 CVE-2023-31024: NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attack NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

CVE-2023-31033 [MEDIUM] CWE-306 CVE-2023-31033: NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue f NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network . A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.

CVE-2023-31031 [MEDIUM] CWE-122 CVE-2023-31031: NVIDIA DGX Station A100 and DGX Station A800 SBIOS contains a vulnerability where a user may cause a NVIDIA DGX Station A100 and DGX Station A800 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering.

CVE-2023-31035 [HIGH] CWE-20 CVE-2023-31035: NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerabil NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.

CVE-2023-31025 [MEDIUM] CWE-90 CVE-2023-31025: NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A s NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure.

CVE-2023-31034 [MEDIUM] CWE-190 CVE-2023-31034: NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation che NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.

CVE-2023-31032 [HIGH] CWE-627 CVE-2023-31032: NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service.