CVE-2022-42277
First published: Fri Jan 13 2023(Updated: )
NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.
Credit: psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nvidia Dgx Station A100 Firmware | <10.16 | |
| Nvidia Dgx Station A100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this NVIDIA DGX Station vulnerability?
The vulnerability ID for this NVIDIA DGX Station vulnerability is CVE-2022-42277.
What is the affected software for this vulnerability?
The affected software for this vulnerability is NVIDIA DGX Station A100 Firmware.
What is the severity rating of CVE-2022-42277?
The severity rating of CVE-2022-42277 is high with a severity value of 8.2.
How can a local user exploit this vulnerability?
A local user with elevated privileges can exploit this vulnerability by reading, writing, and erasing flash, leading to code execution, escalation of privileges, denial of service, and information disclosure.
Is NVIDIA DGX Station A100 vulnerable to this vulnerability?
No, NVIDIA DGX Station A100 is not vulnerable to this vulnerability.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/nvidia
- canonical/nvidia dgx station a100 firmware
- canonical/nvidia dgx station a100