Critical Vulnerabilities Identified in NVIDIA Hopper HGX 8-GPU HMC: CVE-2024-0114 and CVE-2024-0141 Analysis and Mitigation Strategies

Date: October 2023

Executive Summary

The NVIDIA Hopper HGX 8-GPU HMC, a cornerstone of high-performance computing environments, has been found to contain two critical vulnerabilities: CVE-2024-0114 and CVE-2024-0141. These vulnerabilities pose significant security risks, enabling unauthorized actions such as code execution, privilege escalation, data tampering, and denial of service. Given their critical nature, organizations using NVIDIA's Hopper architecture are urged to act promptly to mitigate the risk. This advisory report analyzes the vulnerabilities, their potential exploitation, the affected product versions, and the recommended mitigation strategies.

Technical Information

Vulnerability CVE-2024-0114 emerges as a high-severity threat with a CVSS score of 8.1. It is located within the HGX Management Controller (HMC). This vulnerability could be exploited by a threat actor with administrative access to the Baseboard Management Controller (BMC), enabling them to escalate privileges and potentially execute arbitrary code on the HMC. The repercussions of such an exploit could include denial of service, unauthorized data access, and data tampering, which could have severe consequences on operations relying on the affected systems.

Vulnerability CVE-2024-0141 is categorized as a medium-severity vulnerability with a CVSS score of 6.8 and resides within the GPU vBIOS. It can be leveraged by a malicious entity possessing tenant-level GPU access to write to unsupported registry locations. This could result in a denial of service, disrupting operations and potentially leading to significant downtime.

The specific versions affected by these vulnerabilities include HGX-22.10-1-rc67 (1.5.0), HGX-22.10-1-rc63 (1.4.0), HGX-22.10-1-rc59 (1.3.2), and HGX-22.10-1-rc57 (1.3.0/1.3.1). Organizations using these versions are at heightened risk and should prioritize remediation efforts.

Exploitation in the Wild

As of the time of this report, there have been no confirmed instances of exploitation of CVE-2024-0114 or CVE-2024-0141 in the wild. Moreover, no known exploits have been developed, and there are no current associations with Advanced Persistent Threat (APT) groups. This provides a crucial window of opportunity for affected organizations to implement necessary security measures before any potential exploitation occurs.

APT Groups Using This Vulnerability

At present, there is no evidence to suggest that any known APT groups are actively exploiting these vulnerabilities. However, given the potential impact, it is imperative for security teams to remain vigilant and monitor for any emerging threats that could seek to exploit these weaknesses.

Affected Product Versions

The affected product versions are specifically HGX-22.10-1-rc67 (1.5.0), HGX-22.10-1-rc63 (1.4.0), HGX-22.10-1-rc59 (1.3.2), and HGX-22.10-1-rc57 (1.3.0/1.3.1). Organizations running these versions should take immediate action to address the vulnerabilities.

Workaround and Mitigation

NVIDIA has proactively released firmware updates to mitigate these vulnerabilities. Users are strongly advised to update to version 1.6.0 or later to secure their systems. Additionally, ensuring the proper hardening of the BMC is critical in minimizing the risk associated with CVE-2024-0114. Regular patch management and adherence to security best practices are essential steps in fortifying systems against potential threats.
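
To prioritize the update across a fleet, the affected builds and the 1.6.0 fix level from this report can be applied to a firmware inventory. The following is an added example, not NVIDIA or Rescana tooling. The host names, the inventory format and the "review" bucket (versions below 1.6.0 that this report does not list) are assumptions made for illustration.

```python
import re

# Affected builds and their release versions, as listed in this report.
AFFECTED_BUILDS = {
    "HGX-22.10-1-rc67": ["1.5.0"],
    "HGX-22.10-1-rc63": ["1.4.0"],
    "HGX-22.10-1-rc59": ["1.3.2"],
    "HGX-22.10-1-rc57": ["1.3.0", "1.3.1"],
}
AFFECTED_VERSIONS = {v for vs in AFFECTED_BUILDS.values() for v in vs}
FIXED_FROM = (1, 6, 0)  # report: update to version 1.6.0 or later

_BUILD_RE = re.compile(r"HGX-\d+\.\d+-\d+-rc\d+")
_VER_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?![\d.])")


def classify(firmware: str) -> str:
    """Return 'affected', 'fixed', 'review' or 'unknown' for one firmware string."""
    text = firmware.strip()
    build = _BUILD_RE.search(text)
    if build and build.group(0) in AFFECTED_BUILDS:
        return "affected"
    ver = _VER_RE.search(text)
    if not ver:
        return "unknown"  # unparseable or unlisted build tag: check by hand
    if ver.group(0) in AFFECTED_VERSIONS:
        return "affected"
    # Compare numerically so that 1.10.0 sorts above 1.6.0.
    if tuple(int(p) for p in ver.groups()) >= FIXED_FROM:
        return "fixed"
    return "review"  # below the fix level but not listed in the report


def triage(inventory: dict) -> dict:
    """Group host names by classification of their reported HMC firmware."""
    result = {"affected": [], "fixed": [], "review": [], "unknown": []}
    for host, fw in sorted(inventory.items()):
        result[classify(fw)].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and values).
SAMPLE_INVENTORY = {
    "gpu-node-01": "HGX-22.10-1-rc67", "gpu-node-02": "1.3.1",
    "gpu-node-03": "1.6.0", "gpu-node-04": "1.10.0",
    "gpu-node-05": "1.2.0", "gpu-node-06": "n/a",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the "review" and "unknown" buckets need a manual check against the NVIDIA Security Bulletin, since this report only names the four listed builds.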

References

For further information, the NVIDIA Security Bulletin provides detailed insights into the identified vulnerabilities and recommended actions: https://nvidia.custhelp.com/app/answers/detail/a_id/5561

Rescana is Here for You

At Rescana, we are committed to helping our clients navigate the complex landscape of cybersecurity threats. Our Third Party Risk Management (TPRM) platform offers comprehensive solutions for identifying, assessing, and mitigating risks associated with third-party vendors and technologies. Should you have any questions regarding this report or require assistance with other cybersecurity concerns, please do not hesitate to contact us at ops@rescana.com.