Nvidia has issued a security update addressing two vulnerabilities in its Hopper HGX 8-GPU HMC, including a high-severity flaw that could allow unauthorized code execution, privilege escalation, and data tampering.
The most severe vulnerability, identified as CVE-2024-0114 (CVSS 8.1), exists in the HGX Management Controller (HMC). This flaw could allow a malicious actor with administrative access to the baseboard management controller (BMC) to gain administrator access to the HMC.
“A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering,” warns NVIDIA in its security bulletin.
The second vulnerability, CVE-2024-0141 (CVSS 6.8), resides in the GPU VBIOS and is rated as medium severity. It could allow an attacker with tenant-level GPU access to write to an unsupported registry, potentially leading to a denial of service.
The vulnerabilities impact multiple HGX firmware versions, including:
- HGX-22.10-1-rc67 (1.5.0)
- HGX-22.10-1-rc63 (1.4.0)
- HGX-22.10-1-rc59 (1.3.2)
- HGX-22.10-1-rc57 (1.3.0/1.3.1)
Users are advised to update to version 1.6.0 or later, which contains patches for both vulnerabilities.
Related Posts:
- CISA Adds Seven New Vulnerabilities in Known Exploited Vulnerabilities Catalog
- WordPress Issues Urgent Security Update to Patch Multiple Vulnerabilities
- Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems Awaiting Full Disclosure
