Out-of-bounds Write Vulnerability in NVIDIA DGX A100 SBIOS
CVE-2022-42281

6.7MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvidia Dgx Servers
Vendor: CVE Published:; 13 January 2023

Summary

The NVIDIA DGX A100 has a reported vulnerability in its SBIOS related to the FsRecovery process. This issue could be exploited by a highly privileged local attacker, potentially resulting in an out-of-bounds write. Such an exploit may lead to serious consequences, including unauthorized code execution, denial of service, potential compromise of data integrity, and exposure of sensitive information.

Affected Version(s)

NVIDIA DGX servers All SBIOS firmware versions prior to 1.18

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5435

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2023
Vulnerability Reserved
Oct 3, 2022