CVE-2022-42275 : What You Need to Know

Discover how the NVIDIA BMC IPMI handler vulnerability in DGX servers (CVE-2022-42275) can lead to data tampering and denial of service. Learn about its impact, affected systems, and mitigation steps.

NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service.

Understanding CVE-2022-42275

What is CVE-2022-42275?

CVE-2022-42275 is a vulnerability found in the BMC (Baseboard Management Controller) IPMI (Intelligent Platform Management Interface) handler of NVIDIA DGX servers.

The Impact of CVE-2022-42275

The vulnerability can result in Denial of Service (DoS) and Data Tampering. It allows an unauthenticated host to write to the host SPI flash, circumventing secureboot protections, potentially leading to integrity loss and service denial.

Technical Details of CVE-2022-42275

Vulnerability Description

The issue lies in the BMC IPMI handler of NVIDIA DGX servers, enabling unauthorized writing to the host SPI flash without proper authentication or authorization.

Affected Systems and Versions

All BMC firmware versions prior to 00.19.07 in NVIDIA DGX servers are impacted by this vulnerability.

Exploitation Mechanism

An unauthenticated host can exploit this vulnerability by writing to the host SPI flash without authorization, tampering with data and disrupting service.

Mitigation and Prevention

Immediate Steps to Take

To mitigate CVE-2022-42275, NVIDIA DGX server users should update their BMC firmware to version 00.19.07 or newer. Additionally, restricting network access to the BMC interface can enhance security.
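A fleet check for the fixed version named above, written as an added example (not NVIDIA's or this page's tooling). It assumes BMC versions are recorded as dotted numeric strings like the `00.19.07` on this page; the inventory format, hostnames and sample versions are constructed for illustration.

```python
import re

FIXED = (0, 19, 7)  # fixed BMC firmware version from the advisory: 00.19.07
_VERSION_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){2}$")

def parse_version(text):
    """Return a tuple of ints for 'NN.NN.NN', or None if the format is unexpected."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(version_text):
    """Compare numerically: plain string comparison would rank '00.9.12' above '00.19.07'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # do not assume patched; check this host by hand
    return "vulnerable" if version < FIXED else "patched"

def audit(inventory_text):
    """Map each host in 'host, version' lines to vulnerable / patched / unknown."""
    results = {}
    for line in inventory_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split(",")
        host = fields[0].strip()
        version_text = fields[1] if len(fields) > 1 else ""
        results[host] = classify(version_text)
    return results

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """\
# host, bmc_firmware
dgx-a01, 00.19.07
dgx-a02, 00.17.07
dgx-a03, 00.9.12
dgx-a04, 00.20.00
dgx-a05, n/a
dgx-a06
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` have a missing or unexpectedly formatted version and should be verified directly rather than treated as patched.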

Long-Term Security Practices

Regularly check for firmware updates and security patches provided by NVIDIA for DGX servers so that known vulnerabilities are addressed.

Patching and Updates

Apply relevant security patches and updates promptly to ensure the protection of BMC IPMI handlers and prevent unauthorized access to the host SPI flash.
