CVE-2022-28200
HIGHNVIDIA DGX A100 Firmware < 22.5.5 - Memory Corruption in SBIOS BiosCfgTool
Title source: llmDescription
NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://nvidia.custhelp.com/app/answers/detail/a_id/5367
Scores
CVSS v3
8.2
EPSS
0.0006
EPSS Percentile
18.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-119
CWE-787
Status
published
Products (1)
nvidia/dgx_a100_firmware
< 22.5.5
Published
Jul 02, 2022
Tracked Since
Feb 18, 2026