NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass.
References
Link | Resource |
---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5458 | Vendor Advisory |
https://nvidia.custhelp.com/app/answers/detail/a_id/5458 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 07:36
Type | Values Removed | Values Added |
---|---|---|
References | () https://nvidia.custhelp.com/app/answers/detail/a_id/5458 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.2 |
29 Apr 2023, 03:06
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:h:nvidia:dgx-1:-:*:*:*:*:*:*:* cpe:2.3:o:nvidia:sbios:*:*:*:*:*:*:*:* |
|
References | (MISC) https://nvidia.custhelp.com/app/answers/detail/a_id/5458 - Vendor Advisory |
22 Apr 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-22 03:15
Updated : 2024-11-21 07:36
NVD link : CVE-2023-0209
Mitre link : CVE-2023-0209
CVE.ORG link : CVE-2023-0209
JSON object : View
Products Affected
nvidia
- sbios
- dgx-1
CWE
CWE-287
Improper Authentication