CVE-2023-0207
https://notcve.org/view.php?id=CVE-2023-0207
NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5449 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-0206
https://notcve.org/view.php?id=CVE-2023-0206
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5449 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2023-0205
https://notcve.org/view.php?id=CVE-2023-0205
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5459 • CWE-1220: Insufficient Granularity of Access Control •
CVE-2023-0204
https://notcve.org/view.php?id=CVE-2023-0204
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5459 • CWE-703: Improper Check or Handling of Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions •
CVE-2023-0203
https://notcve.org/view.php?id=CVE-2023-0203
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5459 • CWE-1220: Insufficient Granularity of Access Control •