Nvidia has identified vulnerabilities in several of its products including the DGX-1 deep learning component, the CUDA programming interface, the ConnectX network adapter series and graphics card drivers. The vulnerabilities vary in severity with some classified as “high” and others as “medium”. In the worst case scenario, attackers could run malicious code on systems.
Developers have closed six security loopholes in the DGX-1 firmware, most of which are classified with the threat level “high”. One vulnerability is due to errors in the SBIOS, which could allow attackers to execute their own code and compromise systems. Users of the DGX-1 deep learning component are advised to install the secured BMC version 3.39.30 and SBIOS S2W_3A13 or risk being vulnerable.
Meanwhile, CUDA is vulnerable to five vulnerabilities, all classified with the threat level “medium”. Attackers could access information that is supposed to be isolated or even execute malicious code. Linux and Windows are affected by this. To remedy the situation, users are advised to install releases 12.0 Update 1, 12.1 and 12.1 Update 1.
In addition, Nvidia has released security updates for GPU drivers. Attackers could launch malicious code attacks on the vulnerabilities classified as the most dangerous. Nvidia lists the driver versions protected against this in a warning message. The ConnectX network adapter series has also been secured against possible attacks in firmware version 35.1012. Attackers could launch DoS attacks at the vulnerabilities.
It is important for anyone affected by these vulnerabilities to quickly install the available security patches. Failure to do so could result in malicious code getting onto systems. While Nvidia has identified and addressed these vulnerabilities, it is important for users to stay vigilant and keep their systems up to date with the latest security patches.
