CVE-2023-31024 - OpenCVE

NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Nvidia	Dgx A100 Dgx A100 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:bmc:*:*:*

cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5510	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: nvidia

Published: 2024-01-12T18:31:35.602Z

Updated: 2024-01-12T18:31:35.602Z

Reserved: 2023-04-22T02:38:27.191Z

Link: CVE-2023-31024

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-12T19:15:09.397

Modified: 2024-01-18T20:46:57.390

Link: CVE-2023-31024

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:bmc:*:*:*", "matchCriteriaId": "866DDFEC-0CB8-4152-B36E-A358497AA4D0", "versionEndExcluding": "00.22.05", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*", "matchCriteriaId": "8807CB65-5F49-42E8-B5D8-36943418ADB9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering."}, {"lang": "es", "value": "NVIDIA DGX A100 BMC contiene una vulnerabilidad en el daemon KVM del host, donde un atacante no autenticado puede da\u00f1ar la memoria de la pila al enviar un paquete de red especialmente manipulado. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario, denegaci\u00f3n de servicio, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos."}], "id": "CVE-2023-31024", "lastModified": "2024-01-18T20:46:57.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2024-01-12T19:15:09.397", "references": [{"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-121"}], "source": "psirt@nvidia.com", "type": "Secondary"}]}