CVE-2022-31599

HIGH

NVIDIA DGX A100 - Memory Corruption

Title source: llm

Description

NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.

References (1)

[Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/5367

Scores

CVSS v3 8.2

EPSS 0.0006

EPSS Percentile 18.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-824

Status published

Products (1)

nvidia/dgx_a100_firmware < 22.5.5

Published Jul 04, 2022

Tracked Since Feb 18, 2026