CVE-2023-25522

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 90.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia DGX A100 Firmware Nvidia DGX A800 Firmware Nvidia DGX A100/a800

Timeline

PublishedJul 4

Description

NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages3 packages

▶CVEListV5nvidia/dgx_a100/a800All SBIOS versions prior to 1.21

▶NVDnvidia/dgx_a100_firmware< 1.21

▶NVDnvidia/dgx_a800_firmware< 1.21

🔴Vulnerability Details

GHSA

GHSA-qvm4-6784-j9p4: NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in↗2023-07-04

▶

CVEList

CVE-2023-25522: NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in↗2023-07-03

▶