Nvidia Dgx A100 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Nvidia Dgx A100 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (28)
CVE-2023-31030 — CVSS 9.3 (critical): NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by…
CVE-2023-31029 — CVSS 9.3 (critical): NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker…
CVE-2023-31024 — CVSS 9.0 (critical): NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by…
CVE-2022-42271 — CVSS 8.4 (high): NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service…
CVE-2022-31599 — CVSS 8.2 (high): NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an…
CVE-2022-28200 — CVSS 8.2 (high): NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond…
CVE-2022-42272 — CVSS 8.1 (high): NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow, which may lead to code…
CVE-2022-42273 — CVSS 8.1 (high): NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer overflow and cause a denial of service…
CVE-2023-31035 — CVSS 7.5 (high): NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute…
CVE-2022-31600 — CVSS 7.5 (high): NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this…
CVE-2022-42276 — CVSS 7.5 (high): NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase…
CVE-2023-0202 — CVSS 7.5 (high): NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and…
CVE-2023-0206 — CVSS 7.5 (high): NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A…
CVE-2023-25521 — CVSS 7.5 (high): NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a…
CVE-2023-25522 — CVSS 7.5 (high): NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration…
CVE-2023-31032 — CVSS 7.5 (high): NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit…
CVE-2022-42289 — CVSS 7.2 (high): NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to…
CVE-2022-42290 — CVSS 7.2 (high): NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to…
CVE-2022-42279 — CVSS 7.2 (high): NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to…
CVE-2023-31033 — CVSS 6.8 (medium): NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent…
CVE-2022-42281 — CVSS 6.7 (medium): NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privileged local attacker to cause an…
CVE-2022-31601 — CVSS 6.7 (medium): NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an…
CVE-2023-31034 — CVSS 6.6 (medium): NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an…
CVE-2023-31025 — CVSS 6.5 (medium): NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability…
CVE-2022-31602 — CVSS 6.4 (medium): NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can…
CVE-2022-31603 — CVSS 6.4 (medium): NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global…
CVE-2022-42288 — CVSS 5.3 (medium): NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username…
CVE-2023-31031 — CVSS 4.2 (medium): NVIDIA DGX Station A100 and DGX Station A800 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local…