Summary: Nvidia has released a security update to address two vulnerabilities in its Hopper HGX 8-GPU HMC, including a high-severity flaw that could enable unauthorized code execution. The most critical vulnerability could grant administrative access to the HGX Management Controller, while a second medium severity flaw could lead to denial of service. Users must upgrade to version 1.6.0 or later to mitigate these risks.
Affected: Nvidia Hopper HGX 8-GPU HMC
Keypoints :
- High-severity vulnerability CVE-2024-0114 (CVSS 8.1) allows unauthorized code execution and privilege escalation.
- Medium-severity vulnerability CVE-2024-0141 (CVSS 6.8) may cause denial of service for attackers with tenant-level access.
- Affected firmware versions include multiple iterations of HGX-22.10, requiring users to update to 1.6.0 or later for security patches.
Source: https://securityonline.info/cve-2024-0114-nvidia-addresses-high-severity-hmc-vulnerability/