CVE-2022-31603

CWE-129 — Improper Array Index Validation3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 85.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia DGX A100 Firmware Nvidia Nvidia DGX A100

Timeline

PublishedJul 4

Latest updateJul 5

Description

NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages2 packages

▶NVDnvidia/dgx_a100_firmware< 22.5.5

▶CVEListV5nvidia/nvidia_dgx_a100Versions prior to 22.5.5

🔴Vulnerability Details

GHSA

GHSA-9jqr-jrh3-wxf9: NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can explo↗2022-07-05

▶

CVEList

CVE-2022-31603: NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can explo↗2022-07-04

▶