CVE-2023-31029

EUVD-2023-35366
NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 CRITICAL
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvidiaCNA
9.3 CRITICAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
nvidiadgx_a100_firmware
𝑥
< 00.22.05
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://nvidia.custhelp.com/app/answers/detail/a_id/5510
https://nvidia.custhelp.com/app/answers/detail/a_id/5510