NVIDIA Base Command Manager Update Patches CVE-2024-0138 (CVSS 9.8)
NVIDIA has issued a critical security update for its Base Command Manager software, addressing a vulnerability that could open systems to a range of serious attacks. The flaw, tracked as CVE-2024-0138 and assigned a CVSS score of 9.8, resides in the CMDaemon component and could allow attackers to execute code, escalate privileges, and tamper with data.
According to NVIDIA’s security bulletin, “A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.” This high-severity vulnerability affects NVIDIA Base Command Manager version 10.24.09.
To mitigate this risk, NVIDIA urges users to update to the patched version 10.24.09a immediately. The update can be obtained through the BCM Package Repository.
The company has provided clear instructions for implementing the update:
- Update to the most recent version of CMDaemon on the head nodes and in all software images.
- Update the nodes by either rebooting them or resynchronizing them with the software image.
Fortunately, NVIDIA has confirmed that “Base Command Manager 10.24.07 and earlier versions do not contain this vulnerability.” However, it is crucial for users of version 10.24.09 to apply the update promptly to ensure their systems are protected.
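The version statements and the two update steps above can be turned into a small fleet triage check. This is an added example, not NVIDIA's or the article's own code; the inventory layout, host and image names, and the way CMDaemon versions are collected are all assumptions, and the sample data is constructed.

```python
import re

AFFECTED = "10.24.09"     # affected release named in the article
FIXED = "10.24.09a"       # patched release named in the article
LAST_CLEAN = "10.24.07"   # this release and earlier are stated as not affected

def parse(version):
    """Split '10.24.09a' into ((10, 24, 9), 'a'); a letter suffix sorts after the base."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]?)", version.strip())
    if not m:
        raise ValueError(f"unrecognized version: {version!r}")
    return tuple(int(x) for x in m.groups()[:3]), m.group(4)

def classify(version):
    v = parse(version)
    if v == parse(AFFECTED):
        return "vulnerable"
    if v >= parse(FIXED):
        return "patched"       # assumption: releases after 10.24.09a keep the fix
    if v <= parse(LAST_CLEAN):
        return "not-affected"
    return "unknown"           # e.g. 10.24.08: the article makes no statement

def triage(inv):
    """Return (items whose CMDaemon must be updated, nodes that only need reboot/resync)."""
    to_update, to_resync = [], []
    for group in ("head_nodes", "images"):
        to_update += [n for n, v in inv[group].items() if classify(v) == "vulnerable"]
    for name, node in inv["nodes"].items():
        if classify(node["running"]) == "vulnerable":
            image_fixed = classify(inv["images"][node["image"]]) != "vulnerable"
            # fixed image: node only needs reboot/resync; otherwise update the image first
            (to_resync if image_fixed else to_update).append(name)
    return to_update, to_resync

INVENTORY = {  # constructed sample, not real data
    "head_nodes": {"head01": "10.24.09a", "head02": "10.24.09"},
    "images": {"default-image": "10.24.09a", "gpu-image": "10.24.09"},
    "nodes": {
        "node001": {"image": "default-image", "running": "10.24.09"},
        "node002": {"image": "default-image", "running": "10.24.09a"},
        "node003": {"image": "gpu-image", "running": "10.24.09"},
    },
}

if __name__ == "__main__":
    update, resync = triage(INVENTORY)
    print("update CMDaemon on:", update, "| reboot or resync:", resync)
```

A node such as node001 shows why the second step matters: its software image already carries 10.24.09a, but the node keeps running the affected CMDaemon until it is rebooted or resynchronized.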
Given the critical nature of this vulnerability, which could enable an attacker to gain deep access into an organization’s systems, timely application of this patch is crucial. Organizations using NVIDIA Base Command Manager should prioritize updating their systems to safeguard against the risk of exploitation.