Nvidia Sbios vulnerabilities

6 known vulnerabilities affecting nvidia/sbios.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH5MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2023-25509HIGHCVSS 7.8fixed in 52w_3a132023-04-22
CVE-2023-25509 [MEDIUM] CWE-119 CVE-2023-25509: NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of serv NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges.
nvd
CVE-2023-25506HIGHCVSS 8.2fixed in 52w_3a132023-04-22
CVE-2023-25506 [HIGH] CWE-788 CVE-2023-25506: NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other compo
nvd
CVE-2023-0209HIGHCVSS 7.8fixed in 52w_3a132023-04-22
CVE-2023-0209 [HIGH] CWE-287 CVE-2023-0209: NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the co NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass.
nvd
CVE-2023-0207MEDIUMCVSS 4.4fixed in 0.332023-04-22
CVE-2023-0207 [HIGH] CWE-732 CVE-2023-0207: NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM varia NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service.
nvd
CVE-2022-42286HIGHCVSS 7.8fixed in 1.182023-01-13
CVE-2022-42286 [MEDIUM] CWE-119 CVE-2022-42286: DGX A100 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, DGX A100 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, or escalation of privileges.
nvd
CVE-2022-42285HIGHCVSS 7.8fixed in 1.182023-01-13
CVE-2022-42285 [MEDIUM] CWE-1231 CVE-2022-42285: DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering.
nvd