Lucene search

NvidiaCVELIST:CVE-2023-25506

HistoryApr 22, 2023 - 2:30 a.m.

CVE-2023-25506

2023-04-2202:30:26

CWE-788

nvidia

www.cve.org

nvidia

dgx-1

ofbd

vulnerability

ami sbios

heap

access

buffer

code execution

privileges

denial of service

information disclosure

impact

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

25.6%

JSON

NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NVIDIA DGX servers",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All SBIOS prior to S2W_3A13"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5458

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

25.6%

JSON

Related for CVELIST:CVE-2023-25506