CVE-2023-31035

EUVD-2023-35372
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
nvidiadgx_a100_firmware
𝑥
< 1.25
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
nvidiadgx_a100_firmware
𝑥
< 1.25
ADP
Common Weakness Enumeration
References
https://nvidia.custhelp.com/app/answers/detail/a_id/5510
https://nvidia.custhelp.com/app/answers/detail/a_id/5510