Security News > 2020 > October > NVIDIA Patches AMI BMC Vulnerabilities Impacting Several Major Vendors
NVIDIA on Wednesday released patches to address a total of nine vulnerabilities impacting NVIDIA DGX servers.
The vulnerabilities were reported to NVIDIA by members of the SCADA StrangeLove project, which focuses on ICS/SCADA security, as part of their research into machine learning infrastructure vulnerabilities.
Since the vulnerabilities were found in AMI BMC firmware, SCADA StrangeLove says other vendors appear to be impacted as well, including ASRock Rack, ASUS, DEPO Computers, Gigabyte, Gooxi, Hewlett Packard Enterprise, IBM, Lenovo, Mikrobits, NetApp, Quanta Computer, and TYAN Computer.
Contacted by SecurityWeek, AMI said it has a close working relationship with NVIDIA, as well as all the other major silicon vendors in the US and abroad. The company said it contracted a third-party security firm to audit its firmware and these vulnerabilities were discovered before NVIDIA brought them to AMI's attention.
"From our perspective, this incident shows the complexity of the security paradigm in our industry, which requires the industry to work closely together to collaborate, so that we can address these security issues collectively. Over the years, AMI has come up with what we believe to be a robust security framework, which allows us to keep tabs on the security vulnerabilities that are relevant to AMI products, so we can take immediate action. We work together with industry partners on fixes which AMI then distributes to our customers; keeping in close coordination with our partners also makes it easy for AMI customers to apply the fixes that we have developed," AMI said in an emailed statement.