CVE-2023-31034

CWE-190 — Integer Overflow3 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 99.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia DGX A100 Firmware Nvidia DGX A100

Timeline

PublishedJan 12

Description

NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:HExploitability: 0.8 | Impact: 5.3

Affected Packages2 packages

▶NVDnvidia/dgx_a100_firmware< 1.25

▶CVEListV5nvidia/dgx_a100All SBOIS versions prior to 1.25

🔴Vulnerability Details

CVEList

CVE↗2024-01-12

▶

GHSA

GHSA-r2x9-77mc-c6x6: NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow↗2024-01-12

▶