3rd November 2020, Kathmandu
Recently NVIDIA released a patch for a critical bug in its high-performance line of DGX servers. The bug could potentially invite remote attackers to control and access sensitive data on the system, which is operated by governments and Fortune-100 companies.
NVIDIA recently issued nine-patches to fix flaws in firmware used by DGX high-performance computing (HPC) systems. The systems are responsible for processor-intensive artificial intelligence (AI) tasks, machine learning, and data modelling. Whereas, the fixes were for the flaws in its firmware that runs on its brains behind a remote monitoring service servers, DGX AMI baseboard management controller (BMC).
Likewise, Researcher Sergey Gordeychik, credited for finding the bugs, wrote that the attackers could be remote. If bad guys root one of the boxes and then get access to the controller; they can use the out of band management network to PWN the whole data center. Moreover, he added, “If you have OOB access, the game is over for the target.”
With the high-stake computing jobs typically running on the HPC systems, exploiting the flaw could even interfere with data and force models to make incorrect predictions or infect an AI model.”
Also read: Dell vs Lenovo: Which Laptop To Buy in 2020?
No Patch Until 2021 for One NVIDIA Critical Bug
NVIDIA has said that it wouldn’t be able to update the patch fixing one critical bug(CVE‑2020‑11487)until the second quarter of 2021. Meanwhile, the bug is impacting the DGX A100 server line. The flaws of the critical bug are tied to a hard-coded RSA 1024 key with weak cyphers, leading to information disclosure. Whereas, the fix for other servers, DGX-1 and DGX-2 impacted by the same bug CVE‑2020‑11487, is available.
NVIDIA suggested limiting connectivity to the BMC, including the web UI, to trusted management networks to mitigate the security concerns.
Bugs Highlight Vulnerability of AI and ML Infrastructure
Sergey Gordeychik disclosed the bugs Wednesday at the CodeBlue 2020 as a part of the presentation “Vulnerabilities of Machine Learning Infrastructure.”
In the presentation, Sergey highlighted the vulnerability of different AI infrastructure components. It includes NVIDIA DGX GPU servers used in ML frameworks(Pytorch, Keras, and Tensorflow), data processing pipelines. Also, the specific applications, including Medical Imaging and face recognition, powered CCTV, could be tampered with by an adversary.
With the supply chain of NVIDIA, other vendors are also likely to have an impact.
Nine CVE Patches
Among the recent nine CVE patches NVIDIA issues on Wednesday, CVE‑2020‑11483 is a critical bug. The vulnerable line of NVIDIA DGX servers includes DGX-1, DGX-2, and DGX A100.
Out of the Nine CVEs, four of the NVIDIA bugs are critical: CVE‑2020‑11484, CVE‑2020‑11487, CVE‑2020‑11485, CVE‑2020‑11486. The CVE‑2020‑11484 is the most severe among the four of the bugs.
Three of the other patched vulnerabilities are medium-severity whereas, and one is with low.