Login Sign Up

CVE-2023-25522

7.5 HIGH

📋 TL;DR

This vulnerability in NVIDIA DGX A100/A800 systems allows attackers to exploit improper input validation in the SBIOS by providing configuration information in unexpected formats. Successful exploitation could lead to denial of service, information disclosure, or data tampering. Only NVIDIA DGX A100 and A800 systems are affected.

💻 Affected Systems

Products:
  • NVIDIA DGX A100
  • NVIDIA DGX A800
Versions: All versions prior to patched SBIOS
Operating Systems: All OS running on affected hardware
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in SBIOS firmware, affecting all operating systems running on the hardware.

📦 What is this software?

Dgx A100 Firmware by Nvidia

View all CVEs affecting Dgx A100 Firmware →

Dgx A800 Firmware by Nvidia

View all CVEs affecting Dgx A800 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing data tampering, sensitive information disclosure, and persistent denial of service requiring hardware replacement.

🟠

Likely Case

System instability leading to denial of service requiring reboot, with potential for limited information disclosure about system configuration.

🟢

If Mitigated

No impact if systems are properly patched and isolated from untrusted networks.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires access to SBIOS configuration interface, which may be accessible via BMC or local system access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SBIOS update as specified in NVIDIA advisory

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5461

Restart Required: Yes

Instructions:

1. Download SBIOS update from NVIDIA support portal. 2. Follow NVIDIA DGX firmware update procedures. 3. Reboot system to apply update.

🔧 Temporary Workarounds

Restrict SBIOS/BMC Access

all

Limit network access to BMC/SBIOS management interfaces to trusted administrative networks only.

Configure firewall rules to restrict access to BMC IP addresses
Use VLAN segmentation for management networks

Physical Security Controls

all

Ensure physical access to systems is restricted to authorized personnel only.

🧯 If You Can't Patch

  • Isolate affected systems from untrusted networks and internet access
  • Implement strict access controls to BMC/SBIOS management interfaces

🔍 How to Verify

Check if Vulnerable:

Check SBIOS version against NVIDIA advisory. Use 'dmidecode -t bios' on Linux systems to view current version.

Check Version:

dmidecode -t bios | grep Version

Verify Fix Applied:

Verify SBIOS version matches patched version from NVIDIA advisory after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SBIOS configuration changes
  • Multiple failed SBIOS access attempts
  • System instability or unexpected reboots

Network Indicators:

  • Unusual traffic to BMC management interfaces
  • Connection attempts to SBIOS configuration ports from unauthorized sources

SIEM Query:

source="BMC" OR source="IPMI" AND (event_type="configuration_change" OR event_type="access_denied")

📊 Metadata

CVE ID: CVE-2023-25522
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-20
Published: July 4, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-25522, you might also want to check these:

CVE-2022-47190 10.0

CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex...

Same vulnerability type (CWE-20)
CVE-2024-3400 10.0

CVE-2024-3400 is a critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProte...

Same vulnerability type (CWE-20)
CVE-2023-42802 10.0

This critical vulnerability in GLPI allows attackers to upload malicious PHP files to unauthorized d...

Same vulnerability type (CWE-20)