CVE-2023-25527

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Sep 20, 2023

Updated: Sep 22, 2023

CWE ID 119

Summary

CVE-2023-25527 is a vulnerability affecting the host KVM daemon in the BMC (Baseboard Management Controller) of NVIDIA DGX H100 systems. An authenticated local attacker can manipulate this weakness to corrupt kernel memory, potentially resulting in arbitrary kernel code execution, denial of service, privilege escalation, information disclosure, and data tampering. This issue poses a significant risk, as successful exploitation may allow attackers to gain unauthorized access or cause system instability. Users are advised to apply the necessary security updates as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sfLc3v
https://www.cve.org/CVERecord?id=CVE-2023-25527
https://nvd.nist.gov/vuln/detail/CVE-2023-25527

Back to Vulnerability Database

CVE-2023-25527

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations