Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-31599

NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.

Published

2022-07-04T18:15:07.907

Last Modified

2024-11-21T07:04:49.327

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-824
Type: Primary
CWE-824

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	nvidia	dgx_a100_firmware	< 22.5.5	Yes
Hardware	nvidia	dgx_a100	-	No

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5367 Vendor Advisory ([email protected])
https://nvidia.custhelp.com/app/answers/detail/a_id/5367 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)