CVE-2022-42285

Summary

DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering.

Affected Software

VendorProductVersion RangeStatus
NVIDIANVIDIA DGX serversAll SBIOS firmware versions prior to 1.18affected

Weaknesses

  • CWE-1231: CWE-1231

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References