CVE-2023-0206

CWE-119 — Buffer Overflow3 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 88.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia DGX A100 Firmware Nvidia Nvidia DGX Servers

Timeline

PublishedApr 22

Description

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages2 packages

▶NVDnvidia/dgx_a100_firmware< 1.18

▶CVEListV5nvidia/nvidia_dgx_serversAll SBIOS versions prior to 1.18

🔴Vulnerability Details

CVEList

CVE-2023-0206: NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API↗2023-04-22

▶

GHSA

GHSA-gh64-fxhm-p67h: NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API↗2023-04-22

▶