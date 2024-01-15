en English
af Afrikaanssq Albanianam Amharicar Arabichy Armenianaz Azerbaijanieu Basquebe Belarusianbn Bengalibs Bosnianbg Bulgarianca Catalanceb Cebuanony Chichewazh-CN Chinese (Simplified)zh-TW Chinese (Traditional)co Corsicanhr Croatiancs Czechda Danishnl Dutchen Englisheo Esperantoet Estoniantl Filipinofi Finnishfr Frenchfy Frisiangl Galicianka Georgiande Germanel Greekgu Gujaratiht Haitian Creoleha Hausahaw Hawaiianiw Hebrewhi Hindihmn Hmonghu Hungarianis Icelandicig Igboid Indonesianga Irishit Italianja Japanesejw Javanesekn Kannadakk Kazakhkm Khmerko Koreanku Kurdish (Kurmanji)ky Kyrgyzlo Laola Latinlv Latvianlt Lithuanianlb Luxembourgishmk Macedonianmg Malagasyms Malayml Malayalammt Maltesemi Maorimr Marathimn Mongolianmy Myanmar (Burmese)ne Nepalino Norwegianps Pashtofa Persianpl Polishpt Portuguesepa Punjabiro Romanianru Russiansm Samoangd Scottish Gaelicsr Serbianst Sesothosn Shonasd Sindhisi Sinhalask Slovaksl Slovenianso Somalies Spanishsu Sundanesesw Swahilisv Swedishtg Tajikta Tamilte Teluguth Thaitr Turkishuk Ukrainianur Urduuz Uzbekvi Vietnamesecy Welshxh Xhosayi Yiddishyo Yorubazu Zulu
cloud
Sign in
cloud
search
Cybersecurity

Nvidia Releases Fixes for Critical Firmware Vulnerabilities

author
By: BNN Correspondents
Published: January 15, 2024 at 11:07 pm EST
Nvidia Releases Fixes for Critical Firmware Vulnerabilities

In a significant move, tech giant Nvidia has unveiled fixes for a total of eleven firmware vulnerabilities, including three that have been deemed critical. Discovered in the baseboard management controller (BMC) of Nvidia’s DGX A100 system, specifically in the keyboard, video, and mouse (KVM) daemon, these vulnerabilities pose a significant risk.

Understanding the Threat

The most severe vulnerabilities are identified as CVE-2023-31029, CVE-2023-31030, and CVE-2023-31024. All three have secured high scores on the Common Vulnerability Scoring System (CVSS), an industry-standard that gauges the severity of computer system security weaknesses. These vulnerabilities could be exploited by an attacker sending a specially designed network packet, potentially triggering a stack overflow. This could lead to arbitrary code execution, denial of service, information disclosure, and even data tampering.

High-Severity Vulnerabilities

Alongside these critical threats, Nvidia has also unveiled two high-severity vulnerabilities, CVE-2023-25529 and CVE-2023-25530, found in the KVM service of both DGX H100 and DGX A100 models. These relate to a potential session token leak and an input validation bug respectively. The vulnerabilities are present in all versions of the BMC prior to 00.22.05.

Lower-Rated Vulnerabilities

Furthermore, Nvidia has addressed several lower-rated vulnerabilities in the DGX A100 SBIOS versions prior to 1.25 with the new fixes. These vulnerabilities, while less severe, still pose a potential threat to the security and integrity of systems.

While the fixes have been released, it is up to the individual users and administrators to ensure their systems are updated and secured. In the era of increasing cybersecurity threats, such proactive measures are essential in maintaining the safety and integrity of digital systems.

0
Cybersecurity United States
author

BNN Correspondents

Founded by visionary entrepreneur Gurbaksh Chahal, BNN Newsroom has risen to prominence as a powerhouse in the international journalism landscape. With a global news desk that operates in over 200 markets, BNN provides up-to-the-minute breaking news, sophisticated data analysis, and thorough research to keep audiences informed and engaged. Upholding a commitment to integrity and unbiased reporting, BNN proudly operates a conflict-free platform, ensuring that its coverage remains free from external influences and dedicated to the truth.

Comments

There are no comments yet.
Log in to comment

Cybersecurity

See more
3 hours ago
Crypto Community Rides Rollercoaster of Emotions Amid SEC Bitcoin ETF Approval Saga
In a momentous week that kept the crypto community on edge, the U.S. Securities and Exchange Commission (SEC) approved eleven spot Bitcoin Exchange-Traded Funds (ETFs), marking a pivotal turn in the relationship between cryptocurrency and traditional finance. This approval, coming after a long, winding journey, signals a potential mainstream acceptance of Bitcoin and provides investors
Crypto Community Rides Rollercoaster of Emotions Amid SEC Bitcoin ETF Approval Saga
Global Tech Security on Edge: Multiple Vulnerabilities Actively Exploited
15 hours ago
Global Tech Security on Edge: Multiple Vulnerabilities Actively Exploited
Unprecedented Government Data Breach in Australia: Millions of Files Stolen
17 hours ago
Unprecedented Government Data Breach in Australia: Millions of Files Stolen
WEF Spotlights Cyber Inequity: A Call for Global Action
3 hours ago
WEF Spotlights Cyber Inequity: A Call for Global Action
Bitdefender Discovers Significant Vulnerability in Bosch Smart Thermostat
11 hours ago
Bitdefender Discovers Significant Vulnerability in Bosch Smart Thermostat
Australia Grapples with $33 Billion Annual Loss to Increasingly Sophisticated Cyberattacks
13 hours ago
Australia Grapples with $33 Billion Annual Loss to Increasingly Sophisticated Cyberattacks
Latest Headlines
World News
Revolutionizing Physiotherapy: Startoon Labs' Pheezee, World's Smallest EMG Machine
17 seconds
Revolutionizing Physiotherapy: Startoon Labs' Pheezee, World's Smallest EMG Machine
Stephen Laybutt, Former Australian Olympian, Found Dead in New South Wales Bushland
21 seconds
Stephen Laybutt, Former Australian Olympian, Found Dead in New South Wales Bushland
Ex-Socceroo Stephen Laybutt Found Deceased in New South Wales
57 seconds
Ex-Socceroo Stephen Laybutt Found Deceased in New South Wales
YouGov Poll Foresees Potential Political Storm for Tories
9 mins
YouGov Poll Foresees Potential Political Storm for Tories
100 Days of Conflict: Israel's Attack on Gaza Continues Amid Diminishing Hope for Diplomacy
9 mins
100 Days of Conflict: Israel's Attack on Gaza Continues Amid Diminishing Hope for Diplomacy
King Charles III's Private Discussions with Prince William, Excluding Prince Harry, on the Night of Queen Elizabeth II's Death
11 mins
King Charles III's Private Discussions with Prince William, Excluding Prince Harry, on the Night of Queen Elizabeth II's Death
2024 U.S. Presidential Campaign: Key Developments in Iowa
13 mins
2024 U.S. Presidential Campaign: Key Developments in Iowa
Sam Kerr's Optimistic Road to Recovery Following ACL Surgery
13 mins
Sam Kerr's Optimistic Road to Recovery Following ACL Surgery
Ozempic: An Unanticipated Ally in Curbing Alcohol Consumption
14 mins
Ozempic: An Unanticipated Ally in Curbing Alcohol Consumption
King Charles III's Private Discussions with Prince William, Excluding Prince Harry, on the Night of Queen Elizabeth II's Death
11 mins
King Charles III's Private Discussions with Prince William, Excluding Prince Harry, on the Night of Queen Elizabeth II's Death
World Economic Forum 2024: 'Rebuilding Trust' Amid Global Challenges
58 mins
World Economic Forum 2024: 'Rebuilding Trust' Amid Global Challenges
World Economic Forum 2024: A Call for Global Collaboration
1 hour
World Economic Forum 2024: A Call for Global Collaboration
A Week of Opportunities: IPOs, Politics, and Tech Advancements
1 hour
A Week of Opportunities: IPOs, Politics, and Tech Advancements
Pope Francis Announces Long-Awaited Return to Argentina in 2024
2 hours
Pope Francis Announces Long-Awaited Return to Argentina in 2024
WEF Spotlights Cyber Inequity: A Call for Global Action
3 hours
WEF Spotlights Cyber Inequity: A Call for Global Action
Mary Donaldson: The First Australian-Born Queen
3 hours
Mary Donaldson: The First Australian-Born Queen
Harbin Remembers: A Solemn Tribute to Victims of Unit 731
4 hours
Harbin Remembers: A Solemn Tribute to Victims of Unit 731
The Hidden Costs of Homeownership: Millennials Face Unexpected Maintenance Expenses
4 hours
The Hidden Costs of Homeownership: Millennials Face Unexpected Maintenance Expenses

Stay connected!

    © 2023 BNN
    Privacy Policy
    Terms of Service
    Help
    © 2023 BNN
    bnn wechat
    BNN

    BNN Breaking

    Magazines & Newspapers

    Free - In Google Play

    Install Open in app