Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dgx_a100_firmware
(Nvidia)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 28 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-01-13 | CVE-2022-42279 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | Dgx_a100_firmware | 8.8 | ||
| 2023-01-13 | CVE-2022-42281 | NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure. | Dgx_a100_firmware | 6.7 | ||
| 2023-01-13 | CVE-2022-42288 | NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure. | Dgx_a100_firmware | 5.3 | ||
| 2023-01-13 | CVE-2022-42289 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | Dgx_a100_firmware | 8.8 | ||
| 2023-01-13 | CVE-2022-42290 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | Dgx_a100_firmware | 8.8 | ||
| 2023-04-22 | CVE-2023-0202 | NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure. | Dgx_a100_firmware | 7.8 | ||
| 2023-04-22 | CVE-2023-0206 | NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure. | Dgx_a100_firmware | 7.8 | ||
| 2023-07-04 | CVE-2023-25521 | NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering. | Dgx_a100_firmware, Dgx_a800_firmware | 7.8 | ||
| 2023-07-04 | CVE-2023-25522 | NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering. | Dgx_a100_firmware, Dgx_a800_firmware | 7.8 | ||
| 2024-01-12 | CVE-2023-31024 | NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. | Dgx_a100_firmware | 9.8 |