CVE-2023-25527
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-25527
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
内存缓冲区边界内操作的限制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
NVIDIA DGX 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
NVIDIA DGX是美国英伟达(NVIDIA)公司的一款应用于深度学习的高性能工作站。 NVIDIA DGX H100 BMC存在缓冲区错误漏洞。攻击者利用该漏洞导致任意内核代码执行、拒绝服务、权限升级、信息泄露和数据篡改。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| NVIDIA | DGX H100 BMC | All versions prior to 23.08.07 | - |
II. Public POCs for CVE-2023-25527
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-25527
请登录查看更多情报信息。
Same Patch Batch · NVIDIA · 2023-09-20 · 18 CVEs total
| CVE-2023-25528 | 8.8 HIGH | NVIDIA DGX 缓冲区错误漏洞 |
| CVE-2023-31009 | 8.3 HIGH | NVIDIA DGX 输入验证错误漏洞 |
| CVE-2023-25533 | 8.3 HIGH | NVIDIA DGX 输入验证错误漏洞 |
| CVE-2023-25529 | 8.0 HIGH | NVIDIA DGX 安全漏洞 |
| CVE-2023-25530 | 8.0 HIGH | NVIDIA DGX 输入验证错误漏洞 |
| CVE-2023-25531 | 7.6 HIGH | NVIDIA DGX 安全漏洞 |
| CVE-2023-25525 | 7.5 HIGH | NVIDIA Cumulus Linux 访问控制错误漏洞 |
| CVE-2023-31008 | 7.3 HIGH | NVIDIA DGX 输入验证错误漏洞 |
| CVE-2023-31010 | 6.8 MEDIUM | NVIDIA DGX 输入验证错误漏洞 |
| CVE-2023-31015 | 6.6 MEDIUM | NVIDIA DGX 授权问题漏洞 |
| CVE-2023-25532 | 6.5 MEDIUM | NVIDIA DGX 安全漏洞 |
| CVE-2023-25526 | 6.5 MEDIUM | NVIDIA Cumulus Linux 安全漏洞 |
| CVE-2023-31012 | 6.1 MEDIUM | NVIDIA DGX 输入验证错误漏洞 |
| CVE-2023-31013 | 6.1 MEDIUM | NVIDIA DGX 输入验证错误漏洞 |
| CVE-2023-25534 | 5.7 MEDIUM | NVIDIA DGX 输入验证错误漏洞 |
| CVE-2023-31011 | 5.2 MEDIUM | NVIDIA DGX 输入验证错误漏洞 |
| CVE-2023-31014 | 4.2 MEDIUM | NVIDIA GeForce Now 安全漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-119
- CVE-2026-22167
GPU DDK - Cache resident PM buffers writable by other GPU re - CVE-2026-27890
Firebird has Pre-Auth DOS when Processing Out of Order CNCT_ - CVE-2026-34864
Huawei HarmonyOS 安全漏洞 - CVE-2026-4149
Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code - CVE-2026-34988
Wasmtime leaks data between pooling allocator instances
V. Comments for CVE-2023-25527
No comments yet