Code Execution and Privilege Escalation in DGX A100 SBIOS by NVIDIA
CVE-2022-42286

6MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvidia Dgx Servers
Vendor: CVE Published:; 13 January 2023

Summary

The DGX A100 SBIOS by NVIDIA contains a vulnerability in its Boot Device Selection (Bds) component, which can be exploited to execute arbitrary code, potentially leading to denial of service and privilege escalation. This vulnerability poses significant risks to system integrity and security, necessitating prompt attention for mitigation.

Affected Version(s)

NVIDIA DGX servers All SBIOS firmware versions prior to 1.18

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5435

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2023
Vulnerability Reserved
Oct 3, 2022