CVE-2023-31031

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 90.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia DGX A100 FirmwareNvidia DGX A100
Timeline
PublishedJan 12

Description

NVIDIA DGX Station A100 and DGX Station A800 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 0.8 | Impact: 3.4

Affected Packages2 packages

CVEListV5nvidia/dgx_a100All SBOIS versions prior to 1.25

🔴Vulnerability Details

2
GHSA
GHSA-xjhp-vgwg-948r: NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access2024-01-12
CVEList
CVE2024-01-12
CVE-2023-31031 (HIGH CVSS 7.8) | NVIDIA DGX Station A100 and DGX Sta | cvebase.io