CVE-2022-31602
published 2022-07-04CVE-2022-31602: NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds…
medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nvidia | dgx_a100_firmware | < 22.5.5 | 22.5.5 |
| nvidia | nvidia_dgx_a100 | — | — |