CVE-2022-31603

Summary

NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosure.

Affected Software

VendorProductVersion RangeStatus
NVIDIANVIDIA DGX A100Versions prior to 22.5.5affected

Weaknesses

  • CWE-129: CWE-129 Improper Validation of Array Index

ADP Enrichment

CVE Program Container

Additional References

References