CVE-2023-0202: Buffer Overflow
First published: Sat Apr 22 2023(Updated: )
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.
Credit: psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nvidia Dgx A100 Firmware | <1.18 | |
| NVIDIA DGX A100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2023-0202.
What is the affected software?
The affected software is Nvidia Dgx A100 Firmware version up to exclusive 1.18.
What is the severity of this vulnerability?
The severity of this vulnerability is high with a CVSS score of 7.8.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by exploiting the GenericSio and LegacySmmSredir SMM APIs to modify arbitrary memory of SMRAM.
What are the potential consequences of this vulnerability?
The potential consequences of this vulnerability include denial of service, escalation of privileges, and information disclosure.
How can I fix this vulnerability?
To fix this vulnerability, it is recommended to update Nvidia Dgx A100 Firmware to a version that is not vulnerable.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/nvidia
- canonical/nvidia dgx a100 firmware
- canonical/nvidia dgx a100