CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0206
https://notcve.org/view.php?id=CVE-2023-0206
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5449 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-0205
https://notcve.org/view.php?id=CVE-2023-0205
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5459 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-0204
https://notcve.org/view.php?id=CVE-2023-0204
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5459 • CWE-703: Improper Check or Handling of Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-0203
https://notcve.org/view.php?id=CVE-2023-0203
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5459 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0202
https://notcve.org/view.php?id=CVE-2023-0202
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5449 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •