Lucene search
K
NvidiaSbios

6 matches found

CVE
CVE
added 2023/01/13 2:6 a.m.66 views

CVE-2022-42286

CVE-2022-42286 is an NVIDIA DGX A100 SBIOS vulnerability in the Bds component that can lead to code execution, denial of service, or privilege escalation. The issue affects the DGX A100 SBIOS (Bds) and is addressed by firmware updates. NVIDIA’s bulletin lists SBIOS firmware version 1.18 as the fi...

7.8CVSS7.8AI score0.00188EPSS
CVE
CVE
added 2023/01/13 1:48 a.m.57 views

CVE-2022-42285

CVE-2022-42285 affects NVIDIA DGX A100 SBIOS in the Pre-EFI Initialization (PEI) phase, where a privileged local user can disable SPI flash protection, enabling denial of service, privilege escalation, or data tampering. NVIDIA’s security bulletin and firmware update table indicate mitigations: D...

7.8CVSS7.6AI score0.00154EPSS
CVE
CVE
added 2023/04/22 2:28 a.m.57 views

CVE-2023-0209

The CVE-2023-0209 issue affects NVIDIA DGX-1 SBIOS Uncore PEI: missing authentication of the SSA-executed code allows files/firmware to potentially execute arbitrary code, cause DoS, privilege escalation via firmware implants, information disclosure, data tampering, and SecureBoot bypass. Red Hat...

8.2CVSS8.3AI score0.002EPSS
CVE
CVE
added 2023/04/22 2:32 a.m.56 views

CVE-2023-25509

CVE-2023-25509 affects NVIDIA DGX-1 SBIOS in the Bds component. The Red Hat and NVIDIA bulletins describe a vulnerability that may permit code execution, denial of service, and privilege escalation. Remediation is via firmware updates: SBIOS versions prior to S2W_3A13 are addressed by updating to...

7.8CVSS8AI score0.00192EPSS
CVE
CVE
added 2023/04/22 2:30 a.m.52 views

CVE-2023-25506

CVE-2023-25506 affects NVIDIA DGX-1 firmware (Ofbd in AMI SBIOS). The root cause is a preconditioned heap that can allow a user with elevated privileges to access beyond the end of a buffer, enabling code execution, privilege escalation, DoS, and information disclosure. Output from Red Hat and NV...

8.2CVSS8.2AI score0.00175EPSS
CVE
CVE
added 2023/04/22 2:28 a.m.46 views

CVE-2023-0207

CVE-2023-0207 concerns the NVIDIA DGX-2 SBIOS vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code, potentially causing a denial of service. The connected NVIDIA bulletin lists remediation: DGX-2 SBIOS versions prior to 0.33 are address...

7.5CVSS4.6AI score0.0015EPSS