CVE-2023-25529

Summary

NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.

Affected Software

VendorProductVersion RangeStatus
NVIDIADGX H100 BMCAll versions prior to 23.08.07affected
NVIDIADGX A100 BMCAll BMC versions prior to 00.22.05affected

Weaknesses

  • CWE-208: CWE-208

ADP Enrichment

CVE Program Container

Additional References

References