CVE-2022-31599
First published: Mon Jul 04 2022(Updated: )
NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.
Credit: psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nvidia Dgx A100 Firmware | <22.5.5 | |
| NVIDIA DGX A100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this NVIDIA DGX A100 vulnerability?
The vulnerability ID for this NVIDIA DGX A100 vulnerability is CVE-2022-31599.
What is the severity rating of CVE-2022-31599?
CVE-2022-31599 has a severity rating of 8.2 (high).
What is the affected software for CVE-2022-31599?
The affected software for CVE-2022-31599 is NVIDIA DGX A100 Firmware version up to and excluding 22.5.5.
What is the impact of CVE-2022-31599?
CVE-2022-31599 may lead to code execution, escalation of privileges, denial of service, and information disclosure.
Is NVIDIA DGX A100 vulnerable to CVE-2022-31599?
No, NVIDIA DGX A100 is not vulnerable to CVE-2022-31599.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/nvidia
- canonical/nvidia dgx a100 firmware
- canonical/nvidia dgx a100