CVE-2023-31032

NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5510	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:sbios:*:*:*

cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*

History

19 Jan 2024, 13:09

Type	Values Removed	Values Added
CWE		CWE-913
CPE		cpe:2.3:h:nvidia:dgx_a100:-:::::::* cpe:2.3:o:nvidia:dgx_a100_firmware:::::sbios:::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://nvidia.custhelp.com/app/answers/detail/a_id/5510 -~~	() https://nvidia.custhelp.com/app/answers/detail/a_id/5510 - Vendor Advisory
First Time		Nvidia dgx A100 Nvidia Nvidia dgx A100 Firmware

12 Jan 2024, 19:21

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-12 19:15

Updated : 2024-02-28 20:54

NVD link : CVE-2023-31032

Mitre link : CVE-2023-31032

CVE.ORG link : CVE-2023-31032

JSON object : View

Products Affected

nvidia

dgx_a100_firmware
dgx_a100

CWE

CWE-913

Improper Control of Dynamically-Managed Code Resources

CWE-627

Dynamic Variable Evaluation

{"id": "CVE-2023-31032", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.8}]}, "published": "2024-01-12T19:15:10.490", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-913"}]}, {"type": "Secondary", "source": "psirt@nvidia.com", "description": [{"lang": "en", "value": "CWE-627"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service."}, {"lang": "es", "value": "NVIDIA DGX A100 SBIOS contiene una vulnerabilidad en la que un usuario puede provocar una evaluaci\u00f3n de variable din\u00e1mica mediante acceso local. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar una denegaci\u00f3n de servicio."}], "lastModified": "2024-01-19T13:09:21.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:sbios:*:*:*", "vulnerable": true, "matchCriteriaId": "BF83A6E1-F48A-4FF6-B04E-6A1240FFA8C0", "versionEndExcluding": "1.25"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8807CB65-5F49-42E8-B5D8-36943418ADB9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}