Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-0209

NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass.

Published

2023-04-22T03:15:09.557

Last Modified

2024-11-21T07:36:45.217

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.2 (HIGH)

Weaknesses

Type: Secondary
CWE-287
Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	nvidia	sbios	< 52w_3a13	Yes
Hardware	nvidia	dgx-1	-	No

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5458 Vendor Advisory ([email protected])
https://nvidia.custhelp.com/app/answers/detail/a_id/5458 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)