Dgx A100 Firmware
CVE-2023-31029
CRITICAL
Severity by source
AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.
AnalysisAI
NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-121. NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. Affected products include: Nvidia Dgx A100 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Dgx A100 Firmware
View allNVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack
NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack m
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vu
NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause acc
NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can re
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providin
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. Rat
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be us
NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical functi
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today