CVE-2023-25529
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-25529
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过时间差异性导致的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
NVIDIA DGX 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
NVIDIA DGX是美国英伟达(NVIDIA)公司的一款应用于深度学习的高性能工作站。 NVIDIA DGX H100存在安全漏洞,该漏洞源于KVM服务存在安全漏洞,允许未经身份验证的攻击者通过观察服务器响应的时间差异来导致其他用户的会话令牌泄漏。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| NVIDIA | DGX H100 BMC | All versions prior to 23.08.07 | - | |
| NVIDIA | DGX A100 BMC | All BMC versions prior to 00.22.05 | - |
II. Public POCs for CVE-2023-25529
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-25529
请登录查看更多情报信息。
Same Patch Batch · NVIDIA · 2023-09-20 · 18 CVEs total
| CVE-2023-25528 | 8.8 HIGH | NVIDIA DGX 缓冲区错误漏洞 |
| CVE-2023-31009 | 8.3 HIGH | NVIDIA DGX 输入验证错误漏洞 |
| CVE-2023-25533 | 8.3 HIGH | NVIDIA DGX 输入验证错误漏洞 |
| CVE-2023-25530 | 8.0 HIGH | NVIDIA DGX 输入验证错误漏洞 |
| CVE-2023-25527 | 7.8 HIGH | NVIDIA DGX 缓冲区错误漏洞 |
| CVE-2023-25531 | 7.6 HIGH | NVIDIA DGX 安全漏洞 |
| CVE-2023-25525 | 7.5 HIGH | NVIDIA Cumulus Linux 访问控制错误漏洞 |
| CVE-2023-31008 | 7.3 HIGH | NVIDIA DGX 输入验证错误漏洞 |
| CVE-2023-31010 | 6.8 MEDIUM | NVIDIA DGX 输入验证错误漏洞 |
| CVE-2023-31015 | 6.6 MEDIUM | NVIDIA DGX 授权问题漏洞 |
| CVE-2023-25532 | 6.5 MEDIUM | NVIDIA DGX 安全漏洞 |
| CVE-2023-25526 | 6.5 MEDIUM | NVIDIA Cumulus Linux 安全漏洞 |
| CVE-2023-31012 | 6.1 MEDIUM | NVIDIA DGX 输入验证错误漏洞 |
| CVE-2023-31013 | 6.1 MEDIUM | NVIDIA DGX 输入验证错误漏洞 |
| CVE-2023-25534 | 5.7 MEDIUM | NVIDIA DGX 输入验证错误漏洞 |
| CVE-2023-31011 | 5.2 MEDIUM | NVIDIA DGX 输入验证错误漏洞 |
| CVE-2023-31014 | 4.2 MEDIUM | NVIDIA GeForce Now 安全漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-208
- CVE-2026-41588
RELATE: Timing Attack Vulnerability in course/auth.py — chec - CVE-2026-41161
Username Enumeration via Timing Attack - CVE-2026-33006
Apache HTTP Server: mod_auth_digest timing attack - CVE-2026-41263
Traefik: BasicAuth middleware: timing side-channel vulnerabi - CVE-2026-41407
OpenClaw < 2026.4.2 - Timing Side Channel in Shared-Secret C
V. Comments for CVE-2023-25529
No comments yet