Lucene search

NvidiaCVELIST:CVE-2022-31599

HistoryJul 04, 2022 - 6:10 p.m.

CVE-2022-31599

2022-07-0418:10:14

CWE-824

nvidia

www.cve.org

nvidia dgx a100

sbios

vulnerability

uninitialized pointer

code execution

escalation of privileges

denial of service

information disclosure

local user

elevated privileges

cve-2022-31599

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

Percentile

5.1%

JSON

NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.

CNA Affected

[
  {
    "product": "NVIDIA DGX A100",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to 22.5.5"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5367

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-31599