PT-2022-4516 · Nvidia · Nvidia Dgx A100

Published

2022-06-07

Updated

2022-07-13

CVE-2022-31600

CVSS v3.1

8.2

High

Vector

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NVIDIA DGX A100 (affected versions not specified)

Description The issue is caused by an integer overflow in the SBIOS component of the SmmCore server. This could allow an attacker to execute arbitrary code, cause a denial of service, and impact the confidentiality and integrity of protected information. A user with high privileges can chain another vulnerability to this issue, potentially leading to code execution, escalation of privileges, and compromised integrity. The scope of impact may extend to other components.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

BDU:2022-05384

CVE-2022-31600

Affected Products

Nvidia Dgx A100

PT-2022-4516 · Nvidia · Nvidia Dgx A100

CVE-2022-31600

Weakness Enumeration

Related Identifiers

Affected Products

References · 5