NVIDIA has released a patch addressing a critical vulnerability in its Base Command Manager software, that could pose significant risks, including the potential for remote code execution, denial of service, privilege escalation, information disclosure, and data tampering.
This flaw, tracked as CVE-2024-0138 with a CVSS score of 9.8, located within the CMDaemon component, arises from a missing authentication mechanism (CWE-862) in the CMDaemon component.
The vulnerability, classified under CWE-862 (Missing Authorization), is particularly dangerous because it can be exploited remotely without requiring user interaction or special privileges.
NVIDIA confirmed that earlier versions, including 10.24.07 and earlier, are not impacted by this vulnerability. To mitigate the issue, NVIDIA recommends updating the CMDaemon component on all head nodes and software images.
Use this security update to resolve the issue as follows:
- Update to the most recent version of CMdaemon on the head nodes and in all software images.
- Update the nodes by rebooting them or by resynchronizing them against the software image.
For more details refer to the advisory
