Overview
- Description
- NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosure.
- Source
- psirt@nvidia.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.7
- Impact score
- 5.9
- Exploitability score
- 0.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.4
- Impact score
- 6.4
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:P/I:P/A:P
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1D2E1287-76B8-4104-98C5-ADD7E4FB29CA",
"versionEndExcluding": "22.5.5"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8807CB65-5F49-42E8-B5D8-36943418ADB9"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]