CVE-2023-25506

Summary

NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components.

Affected Software

VendorProductVersion RangeStatus
NVIDIANVIDIA DGX serversAll SBIOS prior to S2W_3A13affected

Weaknesses

  • CWE-788: CWE-788

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References