Vulnerability in DGX-2 SBIOS by NVIDIA allows privilege escalation and potential code execution
CVE-2023-0201

6.7MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvidia Dgx Servers
Vendor: CVE Published:; 22 April 2023

Summary

A security issue in the NVIDIA DGX-2 SBIOS allows a user with elevated privileges to execute a write operation beyond the designated memory limits of an indexable resource. This could lead to severe consequences including code execution, denial of service, compromised system integrity, and unauthorized information access, thereby exposing critical system functions to potential exploitation.

Affected Version(s)

NVIDIA DGX servers All BMC versions prior to 1.08.00

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5449

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2023
Vulnerability Reserved
Jan 11, 2023