Vulnerabilities > CVE-2022-28200 - Out-of-bounds Write vulnerability in Nvidia DGX A100 Firmware

047910
CVSS 4.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
nvidia
CWE-787

Summary

NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.

Vulnerable Configurations

Part Description Count
OS
Nvidia
1
Hardware
Nvidia
1

Common Weakness Enumeration (CWE)