Monday , July 13 2026
NVIDIA

NVIDIA Issues Warning of Multiple Vulnerabilities

NVIDIA has released urgent security advisories for multiple vulnerabilities in its Hopper HGX 8-GPU High-Performance Computing platforms. A critical flaw (CVE-2024-0114, CVSS 8.1) allows unauthorized code execution, privilege escalation, and data compromise.

A medium-severity vulnerability (CVE-2024-0141, CVSS 6.8) in the GPU vBIOS layer The vulnerabilities could enable denial-of-service attacks through unsupported registry writes, affecting critical infrastructure in AI/ML clusters, supercomputing environments, and enterprise data centers using NVIDIA’s HGX architecture.

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh. In an advisory CIRT said, the campaign has been observed globally,...
Read More
CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

CVE-2024-0114: HMC Privilege Escalation:

The HGX Management Controller (HMC), responsible for managing GPU resources and firmware updates across multiple GPUs, has an authentication bypass vulnerability.

Attackers with admin access to the Baseboard Management Controller (BMC), often accessible via IPMI or Redfish interfaces, can elevate their privileges to HMC administrator level, gaining full control over:

Code Execution: Run harmful programs through the HMC’s firmware update process, affecting all connected GPUs.
Data Tampering: Modify GPU compute workloads or training datasets in AI pipelines.
Lateral Movement: Exploit HMC’s intra-node communication (NVLink/NVSwitch) to propagate across GPU clusters.

NVIDIA’s advisory states that exploit chains can remain effective after reboots because HMC’s persistence layer saves configuration data in non-volatile flash memory.

CVE-2024-0141: vBIOS Registry Corruption:

The GPU vBIOS vulnerability lets cloud users or containerized applications write to restricted hardware registers. This disrupts the GPU’s power management and memory controllers, causing systemic issues. Exploiting this can render GPUs unresponsive, necessitating physical resets or BMC-level hard resets to recover.

Affected Firmware Versions and Mitigation:

Component Vulnerable Firmware Versions Patched Version
HMC Controller HGX-22.10-1-rc67 (1.5.0) 1.6.0+
HGX-22.10-1-rc63 (1.4.0)
HGX-22.10-1-rc59 (1.3.2)
GPU vBIOS All versions prior to 1.6.0 1.6.0+

Administrators must:

Isolate BMC Interfaces by strictly segmenting the network for IPMI/Redfish endpoints and using certificate-based authentication.

Apply Firmware Updates with NVIDIA’s nvfwupd tool to install HMC 1.6.0 or higher.

Audit Tenant Permissions by limiting GPU passthrough in virtualized environments to avoid vBIOS exploits.

These vulnerabilities highlight systemic risks in computational acceleration platforms where hardware controllers and firmware run with high privileges.

Check Also

5

TP-Link alerts users to patch router auth bypass vulnerability

TP-Link fixed some security flaws in its Archer NX routers. CVE-2025-15517 is a security flaw …