Main Vulnerability Database SB2025030619

SB2025030619 - Multiple vulnerabilities in NVIDIA Hopper HGX 8-GPU

Published: March 6, 2025

Security Bulletin ID SB2025030619

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Exposed IOCTL with Insufficient Access Control (CVE-ID: CVE-2024-0141)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient access control in the IOCTL within the GPU vBIOS. A remote administrator can write to an unsupported registry and cause a denial of service condition.

2) Internal Asset Exposed to Unsafe Debug Access Level or State (CVE-ID: CVE-2024-0114)

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to internal asset exposed to unsafe debug access level or state in the HGX Management Controller (HMC). A local administrator can execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5561