Lucene search

NvidiaCVELIST:CVE-2023-0200

HistoryApr 22, 2023 - 2:21 a.m.

CVE-2023-0200

2023-04-2202:21:13

CWE-788

nvidia

www.cve.org

nvidia dgx-2

ofbd

vulnerability

access beyond buffer

code execution

escalation of privileges

denial of service

information disclosure

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

25.6%

JSON

NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NVIDIA DGX servers",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All BMC versions prior to 1.08.00"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5449

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

25.6%

JSON

Related for CVELIST:CVE-2023-0200