Vulnerabilities > Nvidia > DGX A100 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-12 CVE-2023-31025 Injection vulnerability in Nvidia DGX A100 Firmware 00.19.07
NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection.
network
low complexity
nvidia CWE-74
7.5
2024-01-12 CVE-2023-31031 Out-of-bounds Write vulnerability in Nvidia DGX A100 Firmware 1.18/1.8
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access.
local
low complexity
nvidia CWE-787
7.8
2024-01-12 CVE-2023-31033 Missing Authentication for Critical Function vulnerability in Nvidia DGX A100 Firmware 00.19.07
NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network .
low complexity
nvidia CWE-306
8.0
2024-01-12 CVE-2023-31034 Integer Overflow or Wraparound vulnerability in Nvidia DGX A100 Firmware 1.18/1.8
NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow.
local
low complexity
nvidia CWE-190
7.8
2024-01-12 CVE-2023-31035 Unspecified vulnerability in Nvidia DGX A100 Firmware 1.18/1.8
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level.
local
low complexity
nvidia
7.8
2023-07-04 CVE-2023-25521 Improper Privilege Management vulnerability in Nvidia DGX A100 Firmware and DGX A800 Firmware
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed.
local
low complexity
nvidia CWE-269
7.8
2023-07-04 CVE-2023-25522 Improper Input Validation vulnerability in Nvidia DGX A100 Firmware and DGX A800 Firmware
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format.
local
low complexity
nvidia CWE-20
7.8
2023-04-22 CVE-2023-0202 Unspecified vulnerability in Nvidia DGX A100 Firmware 1.8
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs.
local
low complexity
nvidia
7.8
2023-04-22 CVE-2023-0206 Unspecified vulnerability in Nvidia DGX A100 Firmware 1.8
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API.
local
low complexity
nvidia
7.8
2023-01-13 CVE-2022-42289 OS Command Injection vulnerability in Nvidia DGX A100 Firmware
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.
network
low complexity
nvidia CWE-78
8.8