CVE-2022-31599 - NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated priv

CVE-2022-31599

Summary

NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5367

Vulnerable Configurations

cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 13-07-2022 - 14:29)
Impact:
Exploitability:

CWE

CWE-824

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

Last major update

13-07-2022 - 14:29

Published

04-07-2022 - 18:15

Last modified

13-07-2022 - 14:29