CVE-2022-31603

NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosure.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:04

Type Values Removed Values Added
References () https://nvidia.custhelp.com/app/answers/detail/a_id/5367 - Vendor Advisory () https://nvidia.custhelp.com/app/answers/detail/a_id/5367 - Vendor Advisory
CVSS v2 : 4.4
v3 : 6.7
v2 : 4.4
v3 : 6.4

Information

Published : 2022-07-04 18:15

Updated : 2024-11-21 07:04


NVD link : CVE-2022-31603

Mitre link : CVE-2022-31603

CVE.ORG link : CVE-2022-31603


JSON object : View

Products Affected

nvidia

  • dgx_a100
  • dgx_a100_firmware
CWE
CWE-129

Improper Validation of Array Index