First published: Fri Jan 13 2023(Updated: )
NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure.
Credit: psirt@nvidia.com
Affected Software | Affected Version | How to fix |
---|---|---|
Nvidia Dgx A100 Firmware | <1.18 | |
NVIDIA DGX A100 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this NVIDIA DGX A100 vulnerability is CVE-2022-42281.
The severity of CVE-2022-42281 is medium.
The affected software for CVE-2022-42281 is NVIDIA DGX A100 Firmware up to version 1.18.
CVE-2022-42281 may allow a highly privileged local attacker to cause an out-of-bounds write, leading to code execution, denial of service, compromised integrity, and information disclosure.
No, NVIDIA DGX A100 is not vulnerable to CVE-2022-42281.
To fix CVE-2022-42281, update the NVIDIA DGX A100 Firmware to a version higher than 1.18.