CVE-2022-31600 HIGH

CVE-2022-31600

Vendor Nvidia
Product NVIDIA DGX A100
Weakness CWE-190
Published July 4, 2022
Last update August 3, 2024

CVSS base score

7.5/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and information disclosure. The scope of impact can extend to other components.

Key dates

02Disclosure timeline

July 4, 2022 CVE published
August 3, 2024 Record updated