NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosure.
References
Link | Resource |
---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5367 | Vendor Advisory |
https://nvidia.custhelp.com/app/answers/detail/a_id/5367 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 07:04
Type | Values Removed | Values Added |
---|---|---|
References | () https://nvidia.custhelp.com/app/answers/detail/a_id/5367 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.4
v3 : 6.4 |
Information
Published : 2022-07-04 18:15
Updated : 2024-11-21 07:04
NVD link : CVE-2022-31603
Mitre link : CVE-2022-31603
CVE.ORG link : CVE-2022-31603
JSON object : View
Products Affected
nvidia
- dgx_a100
- dgx_a100_firmware
CWE
CWE-129
Improper Validation of Array Index