PT-2022-4515 · Nvidia · Nvidia Dgx A100

Published

2022-06-07

Updated

2022-07-13

CVE-2022-31599

CVSS v3.1

8.2

High

Vector

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NVIDIA DGX A100 (affected versions not specified)

Description The issue is related to a vulnerability in the SBIOS component of the Ofbd in NVIDIA DGX A100 servers. This vulnerability can be exploited by a local user with elevated privileges, allowing access to an uninitialized pointer. The exploitation may lead to code execution, escalation of privileges, denial of service, and information disclosure. The impact can extend to other components.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Access of Uninitialized Pointer

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-824

Related Identifiers

BDU:2022-05383

CVE-2022-31599

Affected Products

Nvidia Dgx A100

PT-2022-4515 · Nvidia · Nvidia Dgx A100

CVE-2022-31599

Weakness Enumeration

Related Identifiers

Affected Products

References · 5