CVE-2022-42277 HIGH

Vendor: Nvidia
Product: NVIDIA DGX servers
Weakness: CWE-288
Published: January 13, 2023
Last update: April 7, 2025

CVSS base score

7.5/10
Attack vector: Local
Attack complexity: High
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.

Key dates

02 Disclosure timeline

January 13, 2023: CVE published
April 7, 2025: Record updated