First published: Mon Jul 04 2022(Updated: )
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure.
Credit: psirt@nvidia.com
Affected Software | Affected Version | How to fix |
---|---|---|
Nvidia Dgx A100 Firmware | <22.5.5 | |
NVIDIA DGX A100 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-31601 is a vulnerability found in NVIDIA DGX A100's SBIOS in the SmbiosPei component that could allow a highly privileged local attacker to perform an out-of-bounds write, potentially leading to code execution, denial of service, compromised integrity, and information disclosure.
CVE-2022-31601 affects NVIDIA DGX A100 by exploiting a vulnerability in its SBIOS in the SmbiosPei component, enabling a highly privileged local attacker to cause an out-of-bounds write, which can result in code execution, denial of service, compromised integrity, and information disclosure.
The severity of CVE-2022-31601 is medium, with a CVSS score of 6.7.
To fix the CVE-2022-31601 vulnerability, it is recommended to update NVIDIA DGX A100 firmware to version 22.5.5 or higher. Please refer to the official NVIDIA advisory for more information.
No, NVIDIA DGX A100 is not vulnerable to CVE-2022-31601.