NVIDIA Addresses High-Severity HGX Management Controller Vulnerability

NVIDIA Addresses High-Severity HGX Management Controller Vulnerability
Summary: Nvidia has released a security update to address two vulnerabilities in its Hopper HGX 8-GPU HMC, including a high-severity flaw that could enable unauthorized code execution. The most critical vulnerability could grant administrative access to the HGX Management Controller, while a second medium severity flaw could lead to denial of service. Users must upgrade to version 1.6.0 or later to mitigate these risks.

Affected: Nvidia Hopper HGX 8-GPU HMC

Keypoints :

  • High-severity vulnerability CVE-2024-0114 (CVSS 8.1) allows unauthorized code execution and privilege escalation.
  • Medium-severity vulnerability CVE-2024-0141 (CVSS 6.8) may cause denial of service for attackers with tenant-level access.
  • Affected firmware versions include multiple iterations of HGX-22.10, requiring users to update to 1.6.0 or later for security patches.

Source: https://securityonline.info/cve-2024-0114-nvidia-addresses-high-severity-hmc-vulnerability/