CVE-2022-31599 HIGH

CVE-2022-31599

Vendor Nvidia
Product NVIDIA DGX A100
Weakness CWE-824
Published July 4, 2022
Last update August 3, 2024

CVSS base score

8.2/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.

Key dates

02Disclosure timeline

July 4, 2022 CVE published
August 3, 2024 Record updated