NvidiaCVE-2022-42277CVE-2022-42277
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
25.6%
NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nvidia | dgx_station_a100_firmware | * | cpe:2.3:o:nvidia:dgx_station_a100_firmware:*:*:*:*:sbios:*:*:* |
| nvidia | dgx_station_a100 | - | cpe:2.3:h:nvidia:dgx_station_a100:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "NVIDIA DGX servers",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All SBIOS firmware versions prior to 10.16"
}
]
}
]Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
25.6%