Description
NVIDIA DGX H100 BMC and DGX A100 BMC contain a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.
CVSS breakdown
CVSS 3.1
- Attack Vector: Adjacent
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality: High
- Integrity: High
- Availability: None
Affected products
- NVIDIA / DGX A100 BMC: All BMC versions prior to 00.22.05
- NVIDIA / DGX H100 BMC: All versions prior to 23.08.07