Lucene search

[email protected]NVD:CVE-2023-0200

HistoryApr 22, 2023 - 3:15 a.m.

CVE-2023-0200

2023-04-2203:15:09

CWE-788

CWE-787

[email protected]

web.nvd.nist.gov

nvidia dgx-2

ofbd

vulnerability

heap

access

code execution

privileges

denial of service

information disclosure

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

25.6%

JSON

NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.

Affected configurations

Nvd

Node

nvidiabmcRange<1.08.00

AND

nvidiadgx-2Match-

VendorProductVersionCPE
nvidiabmc*cpe:2.3:o:nvidia:bmc:*:*:*:*:*:*:*:*
nvidiadgx-2-cpe:2.3:h:nvidia:dgx-2:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nvidia	bmc	*	cpe:2.3:o:nvidia:bmc::::::::
nvidia	dgx-2	-	cpe:2.3:h:nvidia:dgx-2:-:::::::*

References

nvidia.custhelp.com/app/answers/detail/a_id/5449

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

25.6%

JSON

Related for NVD:CVE-2023-0200

cvelist1 cve1 prion1 nvidia1