CVE-2023-0200

CWE-788 CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 85.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia BMC Nvidia Nvidia DGX Servers

Timeline

PublishedApr 22

Description

NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages2 packages

▶NVDnvidia/bmc< 1.08.00

▶CVEListV5nvidia/nvidia_dgx_serversAll BMC versions prior to 1.08.00

🔴Vulnerability Details

CVEList

CVE-2023-0200: NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, w↗2023-04-22

▶

GHSA

GHSA-2jpj-hq7g-8gxv: NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, w↗2023-04-22

▶