Vulnerabilities > Nvidia > DGX A100 Firmware > 00.19.07

DATE CVE VULNERABILITY TITLE RISK
2024-01-12 CVE-2023-31024 Out-of-bounds Write vulnerability in Nvidia DGX A100 Firmware 00.19.07
NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet.
network
low complexity
nvidia CWE-787
critical
9.8
2024-01-12 CVE-2023-31025 Injection vulnerability in Nvidia DGX A100 Firmware 00.19.07
NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection.
network
low complexity
nvidia CWE-74
7.5
2024-01-12 CVE-2023-31029 Out-of-bounds Write vulnerability in Nvidia DGX A100 Firmware 00.19.07
NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet.
network
low complexity
nvidia CWE-787
critical
9.8
2024-01-12 CVE-2023-31030 Out-of-bounds Write vulnerability in Nvidia DGX A100 Firmware 00.19.07
NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet.
network
low complexity
nvidia CWE-787
critical
9.8
2024-01-12 CVE-2023-31033 Missing Authentication for Critical Function vulnerability in Nvidia DGX A100 Firmware 00.19.07
NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network .
low complexity
nvidia CWE-306
8.0
2022-07-04 CVE-2022-31600 Integer Overflow or Wraparound vulnerability in Nvidia DGX A100 Firmware
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and information disclosure.
local
low complexity
nvidia CWE-190
8.2
2022-07-04 CVE-2022-31602 Out-of-bounds Write vulnerability in Nvidia DGX A100 Firmware
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure.
local
low complexity
nvidia CWE-787
6.7
2022-07-04 CVE-2022-31603 Improper Validation of Array Index vulnerability in Nvidia DGX A100 Firmware
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosure.
local
low complexity
nvidia CWE-129
6.7
2022-07-02 CVE-2022-28200 Out-of-bounds Write vulnerability in Nvidia DGX A100 Firmware
NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.
local
low complexity
nvidia CWE-787
8.2