CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25509
https://notcve.org/view.php?id=CVE-2023-25509
NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges. • https://nvidia.custhelp.com/app/answers/detail/a_id/5458 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25506
https://notcve.org/view.php?id=CVE-2023-25506
NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components. • https://nvidia.custhelp.com/app/answers/detail/a_id/5458 • CWE-787: Out-of-bounds Write CWE-788: Access of Memory Location After End of Buffer •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0209
https://notcve.org/view.php?id=CVE-2023-0209
NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass. • https://nvidia.custhelp.com/app/answers/detail/a_id/5458 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0207
https://notcve.org/view.php?id=CVE-2023-0207
NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5449 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42286
https://notcve.org/view.php?id=CVE-2022-42286
DGX A100 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, or escalation of privileges. DGX A100 SBIOS contiene una vulnerabilidad en Bds, que puede provocar la ejecución de código, denegación de servicio o escalada de privilegios. • https://nvidia.custhelp.com/app/answers/detail/a_id/5435 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •