Vulnerabilities > CVE-2023-25506 - Out-of-bounds Write vulnerability in Nvidia Sbios

CVSS 8.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

nvidia

CWE-787

NVD

Published: 2023-04-22

Updated: 2024-11-21

Summary

NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components.

Vulnerable Configurations

Part	Description	Count
OS	Nvidia Nvidia Sbios *	1
Hardware	Nvidia Nvidia DGX 1 -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5458
https://nvidia.custhelp.com/app/answers/detail/a_id/5458