Lucene search

[email protected]NVD:CVE-2023-31031

HistoryJan 12, 2024 - 7:15 p.m.

CVE-2023-31031

2024-01-1219:15:10

CWE-122

CWE-787

[email protected]

web.nvd.nist.gov

nvidia

dgx a100

sbios

heap-based

buffer overflow

vulnerability

code execution

denial of service

information disclosure

data tampering

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

5.7

Confidence

High

EPSS

Percentile

5.1%

JSON

NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering.

Affected configurations

Nvd

Node

nvidiadgx_a100Match-

AND

nvidiadgx_a100_firmwareRange<1.25sbios

VendorProductVersionCPE
nvidiadgx_a100-cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*
nvidiadgx_a100_firmware*cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:sbios:*:*:*

Vendor	Product	Version	CPE
nvidia	dgx_a100	-	cpe:2.3:h:nvidia:dgx_a100:-:::::::*
nvidia	dgx_a100_firmware	*	cpe:2.3:o:nvidia:dgx_a100_firmware:::::sbios:::*

References

nvidia.custhelp.com/app/answers/detail/a_id/5510

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

5.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-31031

prion1 cve1 cvelist1 nvidia2