CVE-2023-25506

CWE-788CWE-787Out-of-bounds Write4 documents4 sources
Severity
8.2HIGH
EPSS
0.0%
top 85.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia SbiosNvidia Nvidia DGX Servers
Timeline
PublishedApr 22

Description

NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages2 packages

NVDnvidia/sbios< 52w_3a13
CVEListV5nvidia/nvidia_dgx_serversAll SBIOS prior to S2W_3A13

🔴Vulnerability Details

2
CVEList
CVE-2023-25506: NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access b2023-04-22
GHSA
GHSA-wh7f-qrp8-9qqv: NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access b2023-04-22
CVE-2023-25506 (HIGH CVSS 8.2) | NVIDIA DGX-1 contains a vulnerabili | cvebase.io