HIGH🇬🇧 English

CVE-2023-25506

CVSS 7.5v3.1pub. 2023-04-22upd. 2024-11-21

NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Nvidia Dgx 1

    HW
    Nvidia
    wszystkie wersje
  • Nvidia Sbios

    OS
    Nvidia
    < 52w_3a13
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEDoS
CWE
Referencje

Powiązane podatności

CVE-2020-11483CRITICAL9.8ten sam produkt

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware vers...

CVE-2020-11486CRITICAL9.8ten sam produkt

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI ...

CVE-2023-0209HIGH8.2ten sam produkt

NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code execute...

CVE-2023-0207HIGH7.5ten sam produkt

NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at run...

CVE-2023-25505HIGH7.8ten sam produkt

NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with ...

CVE-2023-25506 — HIGH 7.5 | CVEbaza.pl