Vulnerabilities > CVE-2023-0208 - Out-of-bounds Write vulnerability in Nvidia Data Center GPU Manager

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

nvidia

CWE-787

NVD

Published: 2023-04-01

Updated: 2023-11-07

Summary

NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and data tampering.

Vulnerable Configurations

Part	Description	Count
Application	Nvidia Nvidia Data Center GPU Manager 1.2.3 Nvidia Data Center GPU Manager 1.3.3 Nvidia Data Center GPU Manager 1.4.2 Nvidia Data Center GPU Manager 1.4.6 Nvidia Data Center GPU Manager 1.5.6 Nvidia Data Center GPU Manager 1.6.3 Nvidia Data Center GPU Manager 1.7.1 Nvidia Data Center GPU Manager 1.7.2 Nvidia Data Center GPU Manager 2.0.10 Nvidia Data Center GPU Manager 2.0.13 Nvidia Data Center GPU Manager 2.0.15 Nvidia Data Center GPU Manager 2.1.4 Nvidia Data Center GPU Manager 2.3.4 Nvidia Data Center GPU Manager 2.4.7 Nvidia Data Center GPU Manager 3.0.4 Nvidia Data Center GPU Manager 3.1.3 Nvidia Data Center GPU Manager 3.1.6	17
OS	Linux Linux Linux Kernel -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5453