Total
28 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-31035 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-01-19 | N/A | 7.8 HIGH |
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure. | |||||
CVE-2023-31034 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-01-19 | N/A | 7.8 HIGH |
NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering. | |||||
CVE-2023-31033 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-01-19 | N/A | 8.0 HIGH |
NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network . A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering. | |||||
CVE-2023-31032 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-01-19 | N/A | 5.5 MEDIUM |
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service. | |||||
CVE-2023-31031 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-01-19 | N/A | 7.8 HIGH |
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering. | |||||
CVE-2023-31030 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-01-18 | N/A | 9.8 CRITICAL |
NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. | |||||
CVE-2023-31029 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-01-18 | N/A | 9.8 CRITICAL |
NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. | |||||
CVE-2023-31025 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-01-18 | N/A | 7.5 HIGH |
NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure. | |||||
CVE-2023-31024 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-01-18 | N/A | 9.8 CRITICAL |
NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. | |||||
CVE-2023-0202 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2023-12-10 | N/A | 7.8 HIGH |
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure. | |||||
CVE-2023-25522 | 1 Nvidia | 4 Dgx A100, Dgx A100 Firmware, Dgx A800 and 1 more | 2023-12-10 | N/A | 7.8 HIGH |
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering. | |||||
CVE-2023-0206 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2023-12-10 | N/A | 7.8 HIGH |
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure. | |||||
CVE-2023-25521 | 1 Nvidia | 4 Dgx A100, Dgx A100 Firmware, Dgx A800 and 1 more | 2023-12-10 | N/A | 7.8 HIGH |
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering. | |||||
CVE-2022-42272 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2023-12-10 | N/A | 8.8 HIGH |
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow, which may lead to code execution, denial of service or escalation of privileges. | |||||
CVE-2022-42271 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2023-12-10 | N/A | 7.8 HIGH |
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution | |||||
CVE-2022-42279 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2023-12-10 | N/A | 8.8 HIGH |
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | |||||
CVE-2022-42281 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2023-12-10 | N/A | 6.7 MEDIUM |
NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure. | |||||
CVE-2022-42290 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2023-12-10 | N/A | 8.8 HIGH |
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | |||||
CVE-2022-42273 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2023-12-10 | N/A | 8.8 HIGH |
NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. | |||||
CVE-2022-42288 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2023-12-10 | N/A | 5.3 MEDIUM |
NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure. |