CVE-2022-31599

NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*

History

13 Jul 2022, 14:29

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.2
v2 : 4.6
v3 : 8.2
CWE CWE-824
CPE cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*
cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:*:*:*:*
References (CONFIRM) https://nvidia.custhelp.com/app/answers/detail/a_id/5367 - (CONFIRM) https://nvidia.custhelp.com/app/answers/detail/a_id/5367 - Vendor Advisory

04 Jul 2022, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-07-04 18:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-31599

Mitre link : CVE-2022-31599

CVE.ORG link : CVE-2022-31599


JSON object : View

Products Affected

nvidia

  • dgx_a100_firmware
  • dgx_a100
CWE
CWE-824

Access of Uninitialized Pointer