CVE-2022-31600

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and information disclosure. The scope of impact can extend to other components.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:04

Type Values Removed Values Added
CVSS v2 : 4.6
v3 : 8.2
v2 : 4.6
v3 : 7.5
References () https://nvidia.custhelp.com/app/answers/detail/a_id/5367 - Vendor Advisory () https://nvidia.custhelp.com/app/answers/detail/a_id/5367 - Vendor Advisory

13 Jul 2022, 14:17

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5
v2 : 4.6
v3 : 8.2
CWE CWE-190
References (CONFIRM) https://nvidia.custhelp.com/app/answers/detail/a_id/5367 - (CONFIRM) https://nvidia.custhelp.com/app/answers/detail/a_id/5367 - Vendor Advisory
CPE cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*
cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:*:*:*:*

04 Jul 2022, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-07-04 18:15

Updated : 2024-11-21 07:04


NVD link : CVE-2022-31600

Mitre link : CVE-2022-31600

CVE.ORG link : CVE-2022-31600


JSON object : View

Products Affected

nvidia

  • dgx_a100_firmware
  • dgx_a100
CWE
CWE-190

Integer Overflow or Wraparound