NVIDIA released patches on Wednesday that fix nine vulnerabilities in NVIDIA DGX servers.
NVIDIA DGX systems are designed for enterprise artificial intelligence applications. All of the flaws were found in the AMI baseboard management controller (BMC) firmware running on the affected systems. This means that the vulnerabilities are not specific to NVIDIA and affect products from multiple vendors.
The vulnerabilities were reported to NVIDIA by members of the StrangeLove SCADA project, which focuses on ICS/SCADA security, as part of an investigation into vulnerabilities in machine learning infrastructure.
One of the flaws was rated critical, five high, two medium and one low.
The most serious flaw is the inclusion of hard-coded credentials in the AMI BMC firmware of NVIDIA DGX servers. Tracked as CVE-2020-11483, the issue has a CVSS score of 9.8, and its exploitation may lead to elevation of privileges or information disclosure.
The next one is CVE-2020-11484, a vulnerability that could allow an attacker with administrative rights to obtain a BMC/IPMI user hash. With a CVSS score of 8.4, the flaw can be exploited to gain access to information that would otherwise be restricted.
A third flaw may also lead to information disclosure. Tracked as CVE-2020-11487 (CVSS score 8.2), it exists because of the use of a hard-coded RSA 1024 encryption key with weak numbers.
The next two vulnerabilities, each with a CVSS score of 8.1, can lead to remote code execution.
The first of these, CVE-2020-11485, is a cross-site request forgery (CSRF) flaw. It exists because the web application does not sufficiently verify whether a well-formed, valid and sequential request was actually intended by the user who submitted it, and it may also lead to information disclosure.
The second, CVE-2020-11486, can be used by attackers to download or transfer files that can be processed automatically within the product environment, according to NVIDIA's advisory.
Another high-severity flaw that NVIDIA highlighted this week is CVE-2020-11615 (CVSS score 7.5), in which a hard-coded RC4 encryption key used in the firmware could lead to information disclosure.
The medium-severity flaws corrected by NVIDIA may lead to information disclosure. The first, CVE-2020-11488, concerns the included RSA 1024 public key that is used to verify the firmware signature, while the second, CVE-2020-11489, exists because of the use of default SNMP community strings.
Last on the list is CVE-2020-11616, a low-severity flaw: the pseudo-random number generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong. Exploitation of this weakness may lead to information disclosure.
According to NVIDIA, exploiting these vulnerabilities requires network access to the BMC of the DGX server.
The vulnerabilities were found in NVIDIA DGX-1, DGX-2 and DGX A100 servers. While DGX-1 servers are affected by all of the bugs, only some of them affect DGX-2 products, and DGX A100 servers are affected as well.
BMC firmware version 3.38.30 resolves the issues on DGX-1 servers, and BMC firmware version 1.06.06 resolves them on DGX-2 servers. An update for DGX A100 servers will be available in the second quarter of 2021.
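A fleet inventory can be checked against the fixed versions named above. The sketch below is an added example, not code from NVIDIA, AMI or the article. The hostnames and installed versions are constructed, and it assumes that any release at or above the fixed version carries the fixes.

```python
import re

# Fixed BMC firmware versions as stated in the article. DGX A100 has no
# fixed release yet (update announced for Q2 2021), so it maps to None.
FIXED_BMC = {
    "DGX-1": (3, 38, 30),
    "DGX-2": (1, 6, 6),
    "DGX A100": None,
}

def parse_version(text):
    """Turn '3.38.30' or '01.06.06' into a tuple of ints; None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def bmc_status(model, version):
    """Classify a host: patched, vulnerable, no-fix-available or unknown."""
    if model not in FIXED_BMC:
        return "unknown"            # not a model named in the article
    fixed = FIXED_BMC[model]
    if fixed is None:
        return "no-fix-available"   # keep the BMC off reachable networks
    current = parse_version(version)
    if current is None:
        return "unknown"            # unparseable version: treat as unverified
    # Assumption: releases at or above the fixed version carry the fixes.
    # Tuples compare numerically, so 3.9.100 sorts below 3.38.30, which a
    # plain string comparison would get wrong.
    return "patched" if current >= fixed else "vulnerable"

def audit(inventory):
    """Return {hostname: status} for an iterable of (hostname, model, version)."""
    return {host: bmc_status(model, ver) for host, model, ver in inventory}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("dgx1-a", "DGX-1", "3.38.30"),
    ("dgx1-b", "DGX-1", "3.9.100"),
    ("dgx2-a", "DGX-2", "01.06.06"),
    ("dgx2-b", "DGX-2", "1.05.12"),
    ("a100-a", "DGX A100", "0.13.06"),
    ("dgx1-c", "DGX-1", "n/a"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be treated as unverified rather than safe, since an unreadable version string says nothing about patch level.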
Since the vulnerabilities were discovered in AMI BMC firmware, SCADA StrangeLove reports that other vendors are affected as well, including ASRock Rack, ASUS, DEPO Computers, Gigabyte, Gooxi, Hewlett Packard Enterprise, IBM, Lenovo, Mikrobits (Mikrotik), NetApp, Quanta Computer and TYAN Computer.
AMI, which was contacted by SecurityWeek, said it has a close working relationship with NVIDIA and all other major silicon suppliers in the US and abroad. The company said it hired a third-party security firm to check the firmware, and that these vulnerabilities were discovered before NVIDIA made AMI aware of them. Patches were developed and distributed to customers.
"In our opinion, this incident demonstrates the complexity of the safety paradigm in our industry, which requires close cooperation between companies so that we can address these safety issues together. Over the years, AMI has developed what we believe to be a robust security framework that allows us to monitor vulnerabilities relevant to AMI products so that we can take immediate action. We work with industrial partners on patches, which AMI then distributes to our customers. The close cooperation with our partners also makes it easier for AMI's customers to apply the patches we developed," AMI said in an e-mailed statement.
The company went on to say: "In fact, AMI is working on several mechanisms to streamline the whole process of creating and applying security and vulnerability patches. We do not see any safety risks in the future and therefore we see ourselves as a partner of all silicon producers in many technical and strategic initiatives over the years, and we will continue to do so and address safety issues in a timely, coordinated and effective manner."
*Additional reporting by Eduard Kovacs
Ionut Arghire is an international correspondent for SecurityWeek.