Vulnerabilities > Nvidia > DGX A100 Firmware > 1.8

DATE CVE VULNERABILITY TITLE RISK
2024-01-12 CVE-2023-31031 Out-of-bounds Write vulnerability in Nvidia DGX A100 Firmware 1.18/1.8
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access.
local
low complexity
nvidia CWE-787
7.8
2024-01-12 CVE-2023-31032 Improper Control of Dynamically-Managed Code Resources vulnerability in Nvidia DGX A100 Firmware 1.18/1.8
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access.
local
low complexity
nvidia CWE-913
5.5
2024-01-12 CVE-2023-31034 Integer Overflow or Wraparound vulnerability in Nvidia DGX A100 Firmware 1.18/1.8
NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow.
local
low complexity
nvidia CWE-190
7.8
2024-01-12 CVE-2023-31035 Unspecified vulnerability in Nvidia DGX A100 Firmware 1.18/1.8
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level.
local
low complexity
nvidia
7.8
2023-07-04 CVE-2023-25521 Improper Privilege Management vulnerability in Nvidia DGX A100 Firmware and DGX A800 Firmware
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed.
local
low complexity
nvidia CWE-269
7.8
2023-07-04 CVE-2023-25522 Improper Input Validation vulnerability in Nvidia DGX A100 Firmware and DGX A800 Firmware
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format.
local
low complexity
nvidia CWE-20
7.8
2023-04-22 CVE-2023-0202 Unspecified vulnerability in Nvidia DGX A100 Firmware 1.8
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs.
local
low complexity
nvidia
7.8
2023-04-22 CVE-2023-0206 Unspecified vulnerability in Nvidia DGX A100 Firmware 1.8
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API.
local
low complexity
nvidia
7.8
2023-01-13 CVE-2022-42276 Missing Authentication for Critical Function vulnerability in Nvidia DGX A100 Firmware 1.8
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.
local
low complexity
nvidia CWE-306
8.2
2023-01-13 CVE-2022-42281 Out-of-bounds Write vulnerability in Nvidia DGX A100 Firmware 1.8
NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure.
local
low complexity
nvidia CWE-787
6.7