Debian Linux Security Advisory 5393-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5393-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffApril 22, 2023                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136                  CVE-2023-2137Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bullseye), these problems have been fixed inversion 112.0.5615.138-1~deb11u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmREBtkACgkQEMKTtsN8TjZHjA//Xt54GrjHMIT1eis48gYiXhfhUxNl1MiA4eeSYFJuidwGLoZbG8AGmT+2OHUvwjOCiJ4RHV06fnpPuftn95Q9Ehz79WkNeeZSIKCuZPeNK6u6c2LZv3enU3ojFejG5y6k/L6kwBx7VUPNnvraZVZcB0zwbL/f9B5wXgAwluxqynyX3vZBPRjTsJATLQs/PMhx7wWVFXspQjIm6+9bVySuNEsIUTIsDNnRlLnSVler3THdcmlHLBVDU1Qb3CIN6bAzDDnJSOUQIHWKIPLSr84ygeT6n0/eeC7qzqJ4WvG7TKhsyXrH1z+XzRdMFajVDrOhYmofmRG4WgyXibcOfi0eR7aEahNVG4aLZlP+hZvKDlDrSJ5kzI8IH4NaXZid9IGZaOXvxKaTOsKaBuC3uHDlWny1aU5MBb/itSeYbXmNVzIip7BJ10wG9rjaQ4d6VEbrMDEEWy5rqP1PUexW5wNDAwNhMHhV2pgPHnDzkC3ScQM6uN4X2vxs58oGMaSsjqjYpR5MOIEoh2SnNdz4NDXxjP8+bdpOu7MOIh4nYBC/zcWf84DgeMq1tv3RR2LDXfwdMZyxlZc7thPvtZhXfUsDJRX38LD0S0B4JR1ERRqYerpj3ixAuOk6OyyJA0CcdiI1Yave1rFGzjzitxYkpgYG+uRYa/GWgDOuG1Ebbk6R2cE==vqQn-----END PGP SIGNATURE-----

Debian Security Advisory 5393-1

Debian Linux Security Advisory 5392-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5392-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
April 22, 2023                        https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : thunderbird  
CVE ID         : CVE-2023-0547 CVE-2023-1945 CVE-2023-28427 CVE-2023-29479   
                 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539   
                 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550

Multiple security issues were discovered in Thunderbird, which could  
result in denial of service or the execution of arbitrary code.

For the stable distribution (bullseye), these problems have been fixed in  
version 1:102.10.0-1~deb11u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmREBsEACgkQEMKTtsN8  
TjZX4w/+OuttNpDWu8m7daY/USfgb3U7pVI+wbMrqMKxSjQ6BRCUaCcXN1VXZpXn  
cOGTqSoFB+qBgYrSjJ0buH9L1yWAQXfaw43wF9eDAfRZB1Svzhl+W164GGks1YKZ  
9WbJ255lvCuXuNbmP+I1xYtuN5epP1saNAET/3HDkJUbXre5T3wdGCjgJnfyE6vf  
JhAwqVYEbOabRisnEhkP67yHk6mEz2QzH+KbbxyS7hCHp+I4RIMNhxPeoPb2Mn/t  
3oja8bC1WGpJaOaQy99UlCD11L8li30LbVb95V8l91tVzbXJwfOCmdjdRp+8/xA/  
fSpNdjCa7rbX8FWeU/FNunia/KkkJgc3qa65+e0muq99gdBk/+1HrrysjZt2oya5  
/vOMLjDfRmfqyB2fn65Isl2PhJnJN9EtPXeEFGLGNmRfqVlg2w4qXm2UUGDPmeuF  
rQrsYJ7YLLfQp7JejtNbPZbH+csEXFn2DRVv9YdOX5/H+a/boqe0h+9Wtmywzfw1  
uH+A5iY5JyLhknMyzfopCfpZIcV4ieRxeOdKvkUom67zKr2OAigSGxpz7EFdnunn  
gITqkbFqHtdjcCq/Vuj+vlfcUP7iLrWNSR9FZc9k9QcN0kaot8CqUmXF4zjkH/le  
sZMm+pcds9XpShSb3SXatKj3YY/O+DbHEcuKFSjg6DSHwEz4GLI=  
=tV7a  
-----END PGP SIGNATURE-----

Debian Security Advisory 5392-1

In LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.


**News from 2023-03-23**  
﻿

The LANTIME firmware version 7.06.013 includes security updates of various third party libraries and programs.

Meinberg

recommends

updating to LANTIME firmware version 7.06.013.

  

Estimation of Severity up to and including

*   **LANTIME firmware V7.06.011:**  
    severity level critical(0), high (3), medium (4), low (1), unknown (3)
*   **LANTIME firmware V7.06.012:**  
    severity level critical(0), high (0), medium (0), low (1), unknown (0)

Updated Versions:

*   LANTIME firmware: V7.06.013

1.  **Description of the Vulnerabilities**
    *   Third-party software:
        *   curl:
            *   **CVE-2022-43551** - Another HSTS bypass via IDN (high)  
                **CVE-2022-43552** - HTTP Proxy deny use-after-free (medium)  
                **CVE-2023-23914** - HSTS ignored on multiple requests (unknown)  
                **CVE-2023-23915** - HSTS amnesia with –parallel (unknown)  
                **CVE-2023-23916** - HTTP multi-header compression denial of service (unknown)
                
                https://curl.se/docs/security.html
                
                **Fixed in:**  
                V7.06.012 MBGID-13207
                
        *   openssl:
            *   **CVE-2023-0286** - X.400 address type confusion in X.509 GeneralName (high)  
                **CVE-2022-4304** - Timing Oracle in RSA Decryption (medium)  
                **CVE-2023-0215** - Use-after-free following BIO\_new\_NDEF (medium)  
                **CVE-2022-4450** - Double free after calling PEM\_read\_bio\_ex (medium)
                
                https://www.openssl.org/news/secadv/20230207.txt
                
                **Fixed in:**  
                V7.06.012 MBGID-13137
                
        *   libexpat:
            *   **CVE-2022-43680** - Fix heap use-after-free after overeager destruction of a shared DTD in function XML\_ExternalEntityParserCreate in out-of-memory situations. (high)
                
                https://github.com/libexpat/libexpat/blob/R\_2\_5\_0/expat/Changes
                
                **Fixed in:**  
                V7.06.012 MBGID-13174
                
        *   sudo:
            *   **CVE-2023-22809** - A flaw in sudo's -e option (aka sudoedit) exists that allows a malicious user with sudoedit privileges to edit arbitrary files. (low)
                
                https://www.sudo.ws/security/advisories/sudoedit\_any/
                
                **Fixed in:**  
                V7.06.012 MBGID-13172
                
                Notice: Severity low, because only a super-user, that already has the highest privileges, can use sudo.
                
    *   LTOS web interface
        *   **CVE-2023-1731** - The validation of the filename of the upload function was not correct (low)
            
            The filename of the upload function was not correctly validated. Authenticated users with the highest privileges were able to use this vulnerability to execute code.
            
            Many thanks to Noam Moshe of Claroty for reporting this vulnerability.
            
            **Fixed in:**  
            V7.06.013 MBGID-13329
            
            Notice: Severity low, because only a super-user that already has the highest privileges, can exploit this vulnerability.
            
2.  **Systems Affected**
    
    All LANTIME firmware versions before V7.06.013 are affected by the corresponding vulnerabilities. The LANTIME firmware is used by all devices of the LANTIME M series (M100, M150, M200, M250, M300, M320, M400, M450, M600, M900) as well as all devices of the LANTIME IMS series (M500, M1000, M1000S, M2000S, M3000, M3000S, M4000) and the SyncFire product family (SF1000, SF1100, SF1200).
    
    Whether and to what extent individual clients or LANTIME systems are vulnerable depends on the individual configuration, network infrastructure, and other factors, and it is therefore not possible to provide a general statement on how vulnerable a given system in use actually is.
    
3.  **Possible Security Measures**
    
    The relevant security updates are included in the LANTIME firmware versions V7.06.013(-light). Updating to these versions eliminates the listed vulnerabilities.
    
    Download the latest LANTIME firmware at:  
    
    *   Meinberg LANTIME firmware
    
    All updates are now available for Meinberg customers. An update of the LANTIME firmware to the version 7.06.013 or 7.06.013-light respectively is **recommended**. Clients who cannot install version 7.06.013 should install V7.06.013-light instead.
    
4.  **Further Information**
    
    Further details and information are available from the following websites:
    
    *   LANTIME firmware changelog: V7.06
    
    If you have any questions or need assistance, please, do not hesitate to contact Meinberg's technical support team.
    
5.  **Acknowledgments**
    
    We would like to express our gratitude to all those who have advised us of vulnerabilities or other bugs, and have also suggested improvements to us.
    
    **_Thank you!_**

CVE-2023-1731: Meinberg Security Advisory: [MBGSA-2023.02] LANTIME-Firmware V7.06.013

Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow.

Tenda AC15 Unauthorized stack overflow vulnerability

****1\. Affected version:****

US\_AC15V1.0BR\_V15.03.05.19

****2\. Firmware download address****

资料下载\_腾达(Tenda)官方网站

****3\. Vulnerability details****

The function "sub\_E2F4" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data.

****4\. Recurring vulnerabilities and POC****

Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.

**5\. Author**

范启航 220579866

CVE-2023-30369: Tenda/3.md at main · 2205794866/Tenda

Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWebs function.

Tenda AC5 Unauthorized stack overflow vulnerability

****1\. Affected version:****

US\_AC5V1.0RTL\_V15.03.06.28

****2\. Firmware download address****

资料下载\_腾达(Tenda)官方网站

****3\. Vulnerability details****

The function "initWebs" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data.

****4\. Recurring vulnerabilities and POC****

Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.

**5\. Author**

范启航 220579866

CVE-2023-30368: Tenda/1.md at main · 2205794866/Tenda

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2023-29570: SEGV src/mjs_ffi.c:982:24 in mjs_ffi_cb_free · Issue #240 · cesanta/mjs

NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service.

**Details**

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.

**CVE ID**

**Description**

**Base Score**

**Vector**

CVE‑2023‑0204

NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service.

6.5

CWE-703  
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVE‑2023‑0203

NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service.

5.0

CWE-1220  
AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

CVE‑2023‑0205

NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service.

5.0

CWE-1220  
AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.

**Security Updates**

The following table lists the NVIDIA products affected, versions affected, and the updated version that includes this security update.

**CVE IDs Addressed**

**Product**

**Affected Versions**

**Updated Version**

CVE‑2023‑0203  
CVE‑2023‑0204  
CVE‑2023‑0205

NVIDIA ConnectX Firmware

All versions prior to 35.1012

35.1012

**Notes**

*   Earlier firmware releases that support this product are also affected. If you are using an earlier release, upgrade to the latest release version.

**Acknowledgements**

NVIDIA thanks Xinhao Kong, Jingrong Chen, Wei Bai, Yechen Xu, Mahmoud Elhaddad, Shachar Raindel, Jitendra Padhye, Alvin R. Lebeck, and Danyang Zhuo for reporting these issues.

**Get the Most Up to Date Product Security Information**

Visit the NVIDIA Product Security page to

*   Subscribe to security bulletin notifications
*   See the current list of NVIDIA security bulletins
*   Report a potential security issue in any NVIDIA supported product
*   Learn more about the vulnerability management process followed by the NVIDIA Product Security Incident Response Team (PSIRT)

**Revision History**

  

**Revision**

**Date**

**Description**

1.0

April 18, 2023

Initial release

**Support**

If you have any questions about this security bulletin, contact NVIDIA Support.

**Disclaimer**

ALL NVIDIA INFORMATION, DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, “MATERIALS”) ARE BEING PROVIDED “AS IS.” NVIDIA MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

Information is believed to be accurate and reliable at the time it is furnished. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation.

CVE-2023-0205: NVIDIA Support

NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges.

**Details**

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.

**CVE ID**

**Description**

**Base Score**

**Vector**

CVE‑2023‑0209

NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges, information disclosure, data tampering, and SecureBoot bypass.

8.2

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE‑2023‑25505

NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC, where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution.

7.8

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE‑2023‑25506

NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components.

7.5

AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE‑2023‑25507

NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering.

7.2

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE‑2023‑25508

NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.

6.7

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE‑2023‑25509

NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges.

6.0

AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.

**Security Updates**

The following table lists the NVIDIA server products affected, firmware versions affected, and the updated version that includes this security update.

To protect your system, download and install this firmware update through the NVIDIA Enterprise Support Portal.

**CVE IDs Addressed**

**Hardware Platform**

**System**

**Affected Versions**

**Updated Version**

CVE‑2023‑25505  
CVE‑2023‑25508  
CVE‑2023‑25507

NVIDIA DGX-1 Servers

DGX-1

All BMC versions prior to 3.39.3

3.39.30

CVE‑2023‑0209  
CVE‑2023‑25506  
CVE‑2023‑25509

NVIDIA DGX-1 Servers

DGX-1

All SBIOS prior to S2W\_3A13

S2W\_3A13

**Notes**

*   Upgrade the NVIDIA DGX-1 firmware container to version 23.04.01 to get the updated firmware and SBIOS version listed in the table above. Firmware updates are available through the NVIDIA Enterprise Support Portal.

**Additional Information: Security Vulnerabilities Reported by Intel**

The following table lists potential security vulnerabilities in some Intel processors that have been reported by Intel. These vulnerabilities may allow escalation of privileges or denial of service. They are addressed in DGX-1 SBIOSS2W\_3A13.

**CVE ID**

**Severity**

**Summary**

CVE-2020-12357

High

Intel(R) Processors Privilege Escalation Vulnerability

CVE-2020-8670

High

Intel(R) Processors Privilege Escalation Vulnerability

CVE-2020-8700

High

Intel(R) Processors Privilege Escalation Vulnerability

CVE-2020-12359

High

Intel(R) Processors Privilege Escalation Vulnerability

CVE-2020-12358

Medium

Intel(R) Processors Denial of Service Vulnerability

CVE-2021-0095

Medium

Intel(R) Processors Denial of Service Vulnerability

CVE-2020-12360

Medium

Intel(R) Processors Privilege Escalation Vulnerability

CVE-2020-24486

Medium

Intel(R) Processors Denial of Service Vulnerability

**Get the Most Up to Date Product Security Information**

Visit the NVIDIA Product Security page to

*   Subscribe to security bulletin notifications
*   See the current list of NVIDIA security bulletins
*   Report a potential security issue in any NVIDIA supported product
*   Learn more about the vulnerability management process followed by the NVIDIA Product Security Incident Response Team (PSIRT)

**Revision History**

  

**Revision**

**Date**

**Description**

1.1

April 19, 2023

Modified CVE-2023-0209 description.

1.0

April 19, 2023

Initial release

**Support**

If you have any questions about this security bulletin, contact NVIDIA Support.

**Disclaimer**

ALL NVIDIA INFORMATION, DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, “MATERIALS”) ARE BEING PROVIDED “AS IS.” NVIDIA MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

Information is believed to be accurate and reliable at the time it is furnished. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation.

CVE-2023-25509: NVIDIA Support

NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service.

**Details**

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.

**CVE ID**

**Description**

**Base Score**

**Vector**

CVE‑2022‑42274

NVIDIA BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to denial of service or code execution.

7.8

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE‑2022‑42280

NVIDIA BMC contains a vulnerability in the SPX REST authorization handler, where an unauthorized user can exploit a path traversal, which may lead to escalation of privileges.

7.1

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVE‑2022‑42282

NVIDIA BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure.

6.5

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE‑2022‑42283

NVIDIA BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to denial of service or code execution.

6.4

AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE‑2022‑42286

NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, or escalation of privileges.

6.0

AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVE‑2022‑42287

NVIDIA BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, or data tampering.

6.0

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CVE‑2022‑42289

NVIDIA BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.

7.2

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE‑2022‑42290

NVIDIA BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.

7.2

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE‑2023‑0200

NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.

7.5

AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE‑2023‑0201

NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code execution, denial of service, compromised integrity, and information disclosure.

6.7

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE‑2023‑0202

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.

7.5

AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE‑2023‑0206

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.

7.5

AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE‑2023‑0207

NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service.

7.5

AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.

**Security Updates**

The following table lists the NVIDIA software products affected, versions affected, and the updated version that includes this security update.

To protect your system, download and install this firmware update through the NVIDIA Enterprise Support Portal.

**CVE IDs Addressed**

**Hardware Platform**

**System**

**Affected Versions**

**Updated Version**

**Firmware Container**

CVE‑2022‑42274  
CVE‑2022‑42280  
CVE‑2022‑42282  
CVE‑2022‑42283  
CVE‑2022‑42287  
CVE‑2023‑0200  
CVE‑2023‑0201

DGX-2

DGX-2

All BMC versions prior to 1.08.00

01.08.00

23.3.1

CVE‑2022‑42286  
CVE‑2022‑42289  
CVE‑2022‑42290  
CVE‑2023‑0207

DGX-2

DGX-2

All SBIOS versions prior to 0.33

0.33

23.3.1

CVE‑2023‑0202  
CVE‑2023‑0206

DGX A100

DGX A100

All SBIOS versions prior to 1.18

1.18

22.12.1

**AMI Security Advisory CVEs Addressed**

CVE‑2022‑40259  
CVE‑2022‑40242  
CVE‑2022‑2827

DGX Station A100

DGX Station A100

All BMC versions prior to 2.01.00

2.01.00

23.3.1

**Additional Information****Security Vulnerabilities Reported by AMI**

The following table lists potential security vulnerabilities in some AMI MegaRAC SP-X Baseboard Management Controllers that have been reported by AMI. These vulnerabilities may allow user enumeration, unauthorized access, or arbitrary code execution.

**CVE ID**

**Severity**

**Summary**

CVE‑2022‑40259

Critical

AMI MegaRAC Redfish Arbitrary Code Execution

CVE‑2022‑40242

High

MegaRAC Default Credentials Vulnerability

CVE‑2022‑2827

High

AMI MegaRAC User Enumeration Vulnerability

The following table lists the status of the NVIDIA response to these vulnerabilities for each NVIDIA DGX system.

**System**

**Status**

DGX-1

Not vulnerable - no response required

DGX-2

Not vulnerable - no response required

DGX A100

To be addressed in May 2023 as stated in NVIDIA DGX A100 Server and DGX Station A100 - December 2022

DGX Station

Not vulnerable - no response required

DGX Station A100

Addressed in this update

**Security Vulnerabilities Reported by Intel**

The following table lists potential security vulnerabilities in some Intel Processors that have been reported by Intel. These vulnerabilities may allow escalation of privileges or denial of service. They are addressed in DGX-2 SBIOS release version 0.33.

**CVE ID**

**Severity**

**Summary**

CVE‑2020‑12357

High

Intel(R) Processors Privilege Escalation Vulnerability

CVE‑2020‑8670

High

Intel(R) Processors Privilege Escalation Vulnerability

CVE‑2020‑8700

High

Intel(R) Processors Privilege Escalation Vulnerability

CVE‑2020‑12359

High

Intel(R) Processors Privilege Escalation Vulnerability

CVE‑2020‑12358

Medium

Intel(R) Processors Denial of Service Vulnerability

CVE‑2021‑0095

Medium

Intel(R) Processors Denial of Service Vulnerability

CVE‑2020‑12360

Medium

Intel(R) Processors Privilege Escalation Vulnerability

CVE‑2020‑24486

Medium

Intel(R) Processors Denial of Service Vulnerability

**Acknowledgements**

CVE‑2022‑42274, CVE‑2022‑42280, CVE‑2022‑42282, CVE‑2022‑42283, CVE‑2022‑42286, CVE‑2022‑42287, CVE‑2022‑42289, CVE‑2022‑42290: The NVIDIA Offensive Security Research (OSR) team reported these issues.

**Get the Most Up to Date Product Security Information**

Visit the NVIDIA Product Security page to

*   Subscribe to security bulletin notifications
*   See the current list of NVIDIA security bulletins
*   Report a potential security issue in any NVIDIA supported product
*   Learn more about the vulnerability management process followed by the NVIDIA Product Security Incident Response Team (PSIRT)

**Revision History**

  

**Revision**

**Date**

**Description**

1.0

March 23, 2023

Initial release

**Support**

If you have any questions about this security bulletin, contact NVIDIA Support.

**Disclaimer**

ALL NVIDIA INFORMATION, DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, “MATERIALS”) ARE BEING PROVIDED “AS IS.” NVIDIA MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

Information is believed to be accurate and reliable at the time it is furnished. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation.

CVE-2023-0207: NVIDIA Support

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure.

**Details**

This section summarizes the potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors follow CVSS v3.1 standards.

**CVE ID**

**Description**

**Base Score**

**Vector and CWE**

CVE‑2023‑25512

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds memory read by running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure.

5.3

AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L  
CWE‑125

CVE‑2023‑25513

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure.

5.3

AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L  
CWE‑125

CVE‑2023‑25514

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure.

5.3

AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L  
CWE‑125

CVE‑2023‑25510

NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited denial of service.

3.3

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L  
CWE‑476

CVE‑2023‑25511

NVIDIA CUDA Toolkit for Linux and Windows contains a vulnerability in cuobjdump, where a division-by-zero error may enable a user to cause a crash, which may lead to a limited denial of service.

3.3

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L  
CWE‑369

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.

**Security Updates**

The following table lists the software products and versions affected, and the updated version available from nvidia.com that includes this security update.

Download the update from the CUDA Toolkit Downloads page to apply the security update.

**CVEs Addressed**

**Software Product**

**Operating System**

**Affected Versions**

**Updated Version**

CVE‑2023‑25510  
CVE‑2023‑25511  
CVE‑2023‑25514

NVIDIA CUDA Toolkit

Linux, Windows

All versions prior to 12.1 Update 1

12.1 Update 1

CVE‑2023‑25512

NVIDIA CUDA Toolkit

Linux, Windows

All versions prior to 12.1

12.1

CVE‑2023‑25513

NVIDIA CUDA Toolkit

Linux, Windows

All versions prior to 12.0 Update 1

12.0 Update 1

**Notes**

*   Earlier software releases of this product are also affected. If you are using an earlier release, upgrade to the latest release version.

**Acknowledgements**

NVIDIA thanks the following people for reporting these issues:

*   CVE‑2023‑25510, CVE‑2023‑25511: zz zr, Zhaozixi105
*   CVE‑2023‑25512: Luca Di Bartolomeo @ EPFL, Zhaozixi105
*   CVE‑2023‑25513: Luca Di Bartolomeo @ EPFL

**Get the Most Up to Date Product Security Information**

Visit the NVIDIA Product Security page to

*   Subscribe to security bulletin notifications
*   See the current list of NVIDIA security bulletins
*   Report a potential security issue in any NVIDIA supported product
*   Learn more about the vulnerability management process followed by the NVIDIA Product Security Incident Response Team (PSIRT)

**Revision History**

  

**Revision**

**Date**

**Description**

1.0

April 21, 2023

Initial release

**Support**

If you have any questions about this security bulletin, contact NVIDIA Support.

**Disclaimer**

ALL NVIDIA INFORMATION, DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, “MATERIALS”) ARE BEING PROVIDED “AS IS.” NVIDIA MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

Information is believed to be accurate and reliable at the time it is furnished. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation.

Tag

#dos