NVIDIA DCGM Linux Users Beware of New Buffer Overflow Vulnerability

CVSS v3.1: 8.4

NVIDIA’s DCGM for Linux monitoring tool has been found to contain a vulnerability that could allow remote attackers to cause a denial of service or tamper with data on affected systems.

The vulnerability resides in the HostEngine server component of DCGM and stems from improper handling of heap memory. By connecting to the server with a specially crafted socket connection, an attacker could cause a buffer overflow and execute arbitrary code.

DCGM is used to monitor NVIDIA GPUs and collect telemetry data. The exposed HostEngine server listens on a local port for connections from client tools. By exploiting this vulnerability, an attacker on the internal network may be able to crash the monitoring service or modify the data it collects.

NVIDIA has released an update to address this issue and assigned it CVE-2023-0208. Users are advised to update their installations of DCGM for Linux as soon as possible to protect against any potential attacks. It is also recommended that the DCGM server only allow connections from authorized monitoring clients where possible.
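One way to check the connection-restriction recommendation above on a host, as an added example that is not NVIDIA's or this page's own code: it reads `ss -H -ltnp` output and prints HostEngine listeners bound to non-loopback addresses. The process name `nv-hostengine` is an assumption about how the daemon appears on the host, and the sample lines are constructed for the example.

```shell
#!/bin/sh
# Added example: flag DCGM HostEngine listeners reachable from off-host.
# Input: lines in the format of `ss -H -ltnp` (one listening TCP socket per line).
# Assumption: the HostEngine daemon appears under the process name "nv-hostengine".

exposed_hostengine_listeners() {
    awk '
        # Only consider sockets owned by the HostEngine process.
        index($0, "\"nv-hostengine\"") == 0 { next }
        {
            addr = $4                      # local address:port column
            sub(/:[^:]*$/, "", addr)       # drop the trailing :port
            # Loopback binds (IPv4, IPv6, IPv4-mapped IPv6) are not exposed.
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
            print $4
        }
    '
}

# Constructed sample input, not captured from a real system.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 127.0.0.1:5555 0.0.0.0:* users:(("nv-hostengine",pid=2101,fd=7))
LISTEN 0 128 0.0.0.0:5555 0.0.0.0:* users:(("nv-hostengine",pid=2101,fd=8))
LISTEN 0 128 [::1]:5555 [::]:* users:(("nv-hostengine",pid=2101,fd=9))
LISTEN 0 128 10.20.0.15:5555 0.0.0.0:* users:(("nv-hostengine",pid=2101,fd=10))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=811,fd=3))
EOF
}

# On a live host (root is needed to see process names):
#   ss -H -ltnp | exposed_hostengine_listeners
if [ "${1:-}" = "--sample" ]; then
    sample_ss_output | exposed_hostengine_listeners
fi
```

Any address it prints is a bind that hosts other than the local machine can reach, and is a candidate for a loopback-only bind or a firewall rule limited to the authorized monitoring clients.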

Staying up to date with the latest patches is important for any internet-facing services or tools that collect and expose system information. This vulnerability is a reminder of the need for ongoing security maintenance of monitoring infrastructure.