CVE-2023-0207

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

4.4MEDIUM

EPSS

0.0%

top 91.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Sbios Nvidia Nvidia DGX Servers

Timeline

PublishedApr 22

Description

NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages2 packages

▶NVDnvidia/sbios< 0.33

▶CVEListV5nvidia/nvidia_dgx_serversAll SBIOS versions prior to 0.33

🔴Vulnerability Details

GHSA

GHSA-3g8h-g6g7-3hpr: NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code↗2023-04-22

▶

CVEList

CVE-2023-0207: NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code↗2023-04-22

▶