CVE-2023-25529

HIGH

Nvidia Dgx H100 Firmware < 23.08.18 - Information Disclosure

Title source: rule

Description

NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.

References (2)

[Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/5473

[Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/5510

Scores

CVSS v3 8.0

EPSS 0.0030

EPSS Percentile 53.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Details

CWE

CWE-208 CWE-203

Status published

Products (1)

nvidia/dgx_h100_firmware < 23.08.18

Published Sep 20, 2023

Tracked Since Feb 18, 2026