CVE-2022-31603

Published: Jul 4, 2022Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosure.

Affected (1)

Products: Nvidia: Dgx A100 Firmware

1 product

Dgx A100 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nvidia Dgx A100 Firmware	Before 22.5.5

Running on/with	Platform Versions
Nvidia Dgx A100	All versions

Related CWEs

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (2)

https://nvidia.custhelp.com/app/answers/detail/a_id/5367

Source: psirt@nvidia.com

Vendor Advisory

https://nvidia.custhelp.com/app/answers/detail/a_id/5367

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.