CVE-2023-25529

Name of the Vulnerable Software and Affected Versions NVIDIA DGX H100 BMC (affected versions not specified) NVIDIA DGX A100 BMC (affected versions not specified)

Description The vulnerability is located in the host KVM daemon of the NVIDIA DGX H100 BMC and DGX A100 BMC, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this issue may lead to information disclosure, escalation of privileges, and data tampering.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.