Описание
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.21 (исключая)
Одновременно
cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:sbios:*:*:*
cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 1.21 (исключая)
Одновременно
cpe:2.3:o:nvidia:dgx_a800_firmware:*:*:*:*:sbios:*:*:*
cpe:2.3:h:nvidia:dgx_a800:-:*:*:*:*:*:*:*
EPSS
Процентиль: 5%
0.00021
Низкий
7.5 High
CVSS3
7.8 High
CVSS3
Дефекты
CWE-250
CWE-269
Связанные уязвимости
CVSS3: 7.5
github
больше 2 лет назад
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.
EPSS
Процентиль: 5%
0.00021
Низкий
7.5 High
CVSS3
7.8 High
CVSS3
Дефекты
CWE-250
CWE-269