Vulnerabilities > Nvidia > DGX A100 Firmware > 1.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-12 | CVE-2023-31031 | Out-of-bounds Write vulnerability in Nvidia DGX A100 Firmware 1.18/1.8 NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. | 7.8 |
2024-01-12 | CVE-2023-31032 | Improper Control of Dynamically-Managed Code Resources vulnerability in Nvidia DGX A100 Firmware 1.18/1.8 NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. | 5.5 |
2024-01-12 | CVE-2023-31034 | Integer Overflow or Wraparound vulnerability in Nvidia DGX A100 Firmware 1.18/1.8 NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow. | 7.8 |
2024-01-12 | CVE-2023-31035 | Unspecified vulnerability in Nvidia DGX A100 Firmware 1.18/1.8 NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. | 7.8 |
2023-07-04 | CVE-2023-25521 | Improper Privilege Management vulnerability in Nvidia DGX A100 Firmware and DGX A800 Firmware NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. | 7.8 |
2023-07-04 | CVE-2023-25522 | Improper Input Validation vulnerability in Nvidia DGX A100 Firmware and DGX A800 Firmware NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. | 7.8 |
2023-04-22 | CVE-2023-0202 | Unspecified vulnerability in Nvidia DGX A100 Firmware 1.8 NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. | 7.8 |
2023-04-22 | CVE-2023-0206 | Unspecified vulnerability in Nvidia DGX A100 Firmware 1.8 NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. | 7.8 |
2023-01-13 | CVE-2022-42276 | Missing Authentication for Critical Function vulnerability in Nvidia DGX A100 Firmware 1.8 NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. | 8.2 |
2023-01-13 | CVE-2022-42281 | Out-of-bounds Write vulnerability in Nvidia DGX A100 Firmware 1.8 NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure. | 6.7 |