Lucene search

[email protected]NVD:CVE-2023-25506

HistoryApr 22, 2023 - 3:15 a.m.

CVE-2023-25506

2023-04-2203:15:10

CWE-788

CWE-787

[email protected]

web.nvd.nist.gov

nvidia

dgx-1

vulnerability

ofbd

ami sbios

heap

code execution

privileges

denial of service

information disclosure

cve-2023-25506

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

25.6%

JSON

NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components.

Affected configurations

Nvd

Node

nvidiasbiosRange<52w_3a13

AND

nvidiadgx-1Match-

VendorProductVersionCPE
nvidiasbios*cpe:2.3:o:nvidia:sbios:*:*:*:*:*:*:*:*
nvidiadgx-1-cpe:2.3:h:nvidia:dgx-1:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nvidia	sbios	*	cpe:2.3:o:nvidia:sbios::::::::
nvidia	dgx-1	-	cpe:2.3:h:nvidia:dgx-1:-:::::::*

References

nvidia.custhelp.com/app/answers/detail/a_id/5458

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

25.6%

JSON

Related for NVD:CVE-2023-25506

cvelist1 prion1 cve1 nvidia1