Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-28200

NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.

Published

2022-07-02T01:15:07.190

Last Modified

2024-11-21T06:56:56.470

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-119
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	nvidia	dgx_a100_firmware	< 22.5.5	Yes
Hardware	nvidia	dgx_a100	-	No

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5367 Vendor Advisory ([email protected])
https://nvidia.custhelp.com/app/answers/detail/a_id/5367 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)