NVIDIA DGX Spark GB10 OSROOT Firmware Vulnerability

MEDIUM (5.7) No Patch (20 days)

Threat Intelligence

Low Risk
EPSS Score: 0.02% chance of exploitation (percentile: 4%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

The NVIDIA DGX Spark GB10 is a high-performance computing system used for AI and deep learning applications. This vulnerability affects the OSROOT firmware, which manages hardware resources on the device.

Am I affected?

You're affected if you use NVIDIA DGX Spark GB10 with firmware versions 2025 through 33187. To check if your system is vulnerable, run the following command: nvidia-dgx-check --version

Note that this vulnerability only affects NVIDIA DGX Spark GB10 systems and does not impact other devices or software.

Affected Products

NVIDIA Corporation / DGX Spark GB10

How to fix

  1. Download and install the latest version of NVIDIA DGX OS from the NVIDIA Product Security site.
  2. Follow the instructions in the security bulletin to update your system.

Immediate mitigations:
- Restrict network access to your DGX Spark GB10 instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation