CVE-2022-28200: Buffer Overflow
First published: Sat Jul 02 2022(Updated: )
NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.
Credit: psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nvidia Dgx A100 Firmware | <22.5.5 | |
| NVIDIA DGX A100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-28200.
What is the title of the vulnerability?
The title of the vulnerability is NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool where a local user with elevated privileges can read and write beyond intended bounds in SMRAM.
What is the severity of CVE-2022-28200?
The severity of CVE-2022-28200 is high with a severity value of 8.2.
How can the vulnerability be exploited?
The vulnerability can be exploited by a local user with elevated privileges to read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.
Is there a fix available for CVE-2022-28200?
Yes, it is recommended to update the affected NVIDIA DGX A100 firmware to version 22.5.5 or later to fix the vulnerability.
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/tags
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/nvidia
- canonical/nvidia dgx a100 firmware
- canonical/nvidia dgx a100