CVE-2023-0206: Buffer Overflow
First published: Sat Apr 22 2023(Updated: )
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.
Credit: psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nvidia Dgx A100 Firmware | <1.18 | |
| NVIDIA DGX A100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this NVIDIA DGX A100 SBIOS vulnerability?
The vulnerability ID for this NVIDIA DGX A100 SBIOS vulnerability is CVE-2023-0206.
What is the impact of this vulnerability?
A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by modifying arbitrary memory of SMRAM using the NVME SMM API.
What is the severity level of this vulnerability?
The severity level of this vulnerability is high with a severity value of 7.8.
How can I fix this vulnerability?
To fix this vulnerability, you should install the latest firmware update provided by NVIDIA. Please refer to the official NVIDIA support page for more information.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/nvidia
- canonical/nvidia dgx a100 firmware
- canonical/nvidia dgx a100