History: Apr 22, 2023 - 3:15 a.m.

CVE-2023-25506

2023-04-22 03:15:10
CWE-787
CWE-788
nvidia
web.nvd.nist.gov
nvidia
dgx-1
cve-2023-25506
vulnerability
ami sbios
code execution
privilege escalation
denial of service
information disclosure

CVSS3: 8.2

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score: 8.2
Confidence: High

EPSS: 0.001
Percentile: 25.6%

NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components.

Affected configurations

Nvd

Node
nvidia sbios Range < 52w_3a13
AND
nvidia dgx-1 Match -

Vendor | Product | Version | CPE
nvidia | sbios | * | cpe:2.3:o:nvidia:sbios:*:*:*:*:*:*:*:*
nvidia | dgx-1 | - | cpe:2.3:h:nvidia:dgx-1:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NVIDIA DGX servers",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All SBIOS prior to S2W_3A13"
      }
    ]
  }
]
