6 matches found
CVE-2022-42286
CVE-2022-42286 is an NVIDIA DGX A100 SBIOS vulnerability in the Bds component that can lead to code execution, denial of service, or privilege escalation. The issue affects the DGX A100 SBIOS (Bds) and is addressed by firmware updates. NVIDIA’s bulletin lists SBIOS firmware version 1.18 as the fi...
CVE-2022-42285
CVE-2022-42285 affects NVIDIA DGX A100 SBIOS in the Pre-EFI Initialization (PEI) phase, where a privileged local user can disable SPI flash protection, enabling denial of service, privilege escalation, or data tampering. NVIDIA’s security bulletin and firmware update table indicate mitigations: D...
CVE-2023-0209
The CVE-2023-0209 issue affects NVIDIA DGX-1 SBIOS Uncore PEI: missing authentication of the SSA-executed code allows files/firmware to potentially execute arbitrary code, cause DoS, privilege escalation via firmware implants, information disclosure, data tampering, and SecureBoot bypass. Red Hat...
CVE-2023-25509
CVE-2023-25509 affects NVIDIA DGX-1 SBIOS in the Bds component. The Red Hat and NVIDIA bulletins describe a vulnerability that may permit code execution, denial of service, and privilege escalation. Remediation is via firmware updates: SBIOS versions prior to S2W_3A13 are addressed by updating to...
CVE-2023-25506
CVE-2023-25506 affects NVIDIA DGX-1 firmware (Ofbd in AMI SBIOS). The root cause is a preconditioned heap that can allow a user with elevated privileges to access beyond the end of a buffer, enabling code execution, privilege escalation, DoS, and information disclosure. Output from Red Hat and NV...
CVE-2023-0207
CVE-2023-0207 concerns the NVIDIA DGX-2 SBIOS vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code, potentially causing a denial of service. The connected NVIDIA bulletin lists remediation: DGX-2 SBIOS versions prior to 0.33 are address...