CVE-2022-31600: Integer Overflow
First published: Mon Jul 04 2022(Updated: )
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and information disclosure. The scope of impact can extend to other components.
Credit: psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nvidia Dgx A100 Firmware | <22.5.5 | |
| NVIDIA DGX A100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this NVIDIA DGX A100 vulnerability?
The vulnerability ID for this NVIDIA DGX A100 vulnerability is CVE-2022-31600.
What is the severity rating of CVE-2022-31600?
The severity rating of CVE-2022-31600 is 8.2 (high).
What is the affected software for this vulnerability?
The affected software for this vulnerability is NVIDIA DGX A100 Firmware 22.5.5.
What can an attacker do with this vulnerability?
An attacker with high privileges can exploit this vulnerability to execute code, escalate privileges, cause denial of service, compromise integrity, and gain access to sensitive information.
Is there a fix available for CVE-2022-31600?
Please refer to the official NVIDIA advisory for information on available fixes and updates for CVE-2022-31600.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/nvidia
- canonical/nvidia dgx a100 firmware
- canonical/nvidia dgx a100