Lucene search

NvidiaCVELIST:CVE-2022-31600

HistoryJul 04, 2022 - 6:10 p.m.

CVE-2022-31600

2022-07-0418:10:19

CWE-190

nvidia

www.cve.org

7.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.3%

JSON

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and information disclosure. The scope of impact can extend to other components.

CNA Affected

[
  {
    "product": "NVIDIA DGX A100",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to 22.5.5"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5367

7.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.3%

JSON

Related for CVELIST:CVE-2022-31600