CVE-2022-42285Improper Prevention of Lock Bit Modification in Nvidia Sbios

CWE-1231Improper Prevention of Lock Bit Modification3 documents3 sources
Severity
7.8HIGHNVD
CNA6.0
EPSS
0.0%
top 86.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia SbiosNvidia DGX Servers
Timeline
PublishedJan 13

Description

DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDnvidia/sbios< 1.18
CVEListV5nvidia/nvidia_dgx_serversAll SBIOS firmware versions prior to 1.18

🔴Vulnerability Details

2
CVEList
CVE-2022-42285: DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may2023-01-13
GHSA
GHSA-pw9p-6xwp-hhv6: DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may2023-01-13
CVE-2022-42285 — Nvidia Sbios vulnerability | cvebase