CVE-2023-31029

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-31029
NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5510 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:bmc:*:*:*
cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*
History

18 Jan 2024, 20:50

Type Values Removed Values Added
CPE cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*
cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:bmc:*:*:*
CWE CWE-787
References () https://nvidia.custhelp.com/app/answers/detail/a_id/5510 - () https://nvidia.custhelp.com/app/answers/detail/a_id/5510 - Vendor Advisory
Summary
  • (es) El controlador de administración de placa base (BMC) NVIDIA DGX A100 contiene una vulnerabilidad en el daemon KVM del host, donde un atacante no autenticado puede causar un desbordamiento de pila al enviar un paquete de red especialmente manipulado. Una explotación exitosa de esta vulnerabilidad puede provocar la ejecución de código arbitrario, denegación de servicio, divulgación de información y manipulación de datos.
CVSS v2 : unknown
v3 : 9.3 		v2 : unknown
v3 : 9.8
First Time Nvidia dgx A100
Nvidia
Nvidia dgx A100 Firmware

12 Jan 2024, 19:21

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-12 19:15

Updated : 2024-01-18 20:50

NVD link : CVE-2023-31029

Mitre link : CVE-2023-31029

CVE.ORG link : CVE-2023-31029

JSON object : View

Products Affected

nvidia

  • dgx_a100
  • dgx_a100_firmware
CWE
CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow