Description
NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://nvidia.custhelp.com/app/answers/detail/a_id/5367
Scores
CVSS v3
8.2
EPSS
0.0023
EPSS Percentile
13.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-824
Status
published
Products (1)
nvidia/dgx_a100_firmware
< 22.5.5
Published
Jul 04, 2022
Tracked Since
Feb 18, 2026