Nvidia Dgx Servers vulnerabilities

CVE-2023-25508 [MEDIUM] CWE-22 CVE-2023-25508: NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriat NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.

CVE-2023-25507 [HIGH] CWE-78 CVE-2023-25507: NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriat NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering.

CVE-2023-0206 [HIGH] CWE-119 CVE-2023-0206: NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRA NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.

CVE-2023-25509 [MEDIUM] CWE-119 CVE-2023-25509: NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of serv NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges.

CVE-2023-25505 [HIGH] CWE-120 CVE-2023-25505: NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an atta NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution.

CVE-2023-25506 [HIGH] CWE-788 CVE-2023-25506: NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other compo

CVE-2023-0209 [HIGH] CWE-287 CVE-2023-0209: NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the co NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass.

CVE-2023-0202 [HIGH] CWE-119 CVE-2023-0202: NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRA NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.

CVE-2023-0201 [MEDIUM] CWE-118 CVE-2023-0201: NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a wr NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code execution, denial of service, compromised integrity, and information disclosure.

CVE-2023-0207 [HIGH] CWE-732 CVE-2023-0207: NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM varia NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service.

CVE-2023-0200 [HIGH] CWE-788 CVE-2023-0200: NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditione NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.

CVE-2022-42280 [HIGH] CWE-22 CVE-2022-42280: NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can ex NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass.

CVE-2022-42274 [HIGH] CWE-120 CVE-2022-42274: NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

CVE-2022-42279 [HIGH] CWE-78 CVE-2022-42279: NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitra NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.

CVE-2022-42276 [HIGH] CWE-288 CVE-2022-42276: NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.

CVE-2022-42277 [HIGH] CWE-288 CVE-2022-42277: NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevat NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.

CVE-2022-42286 [MEDIUM] CWE-119 CVE-2022-42286: DGX A100 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, DGX A100 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, or escalation of privileges.

CVE-2022-42285 [MEDIUM] CWE-1231 CVE-2022-42285: DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering.

CVE-2022-42287 [MEDIUM] CWE-22 CVE-2022-42287: NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and dow NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering.

CVE-2022-42283 [MEDIUM] CWE-120 CVE-2022-42283: NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.