CVE-2022-42285

EPSS 0.03%
Veröffentlicht 13.01.2023 02:15:08
Zuletzt bearbeitet 21.11.2024 07:24:40
Quelle psirt@nvidia.com
Teams Watchlist Login
Unerledigt Login

DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nvidia ≫ Sbios Version < 1.18

Nvidia ≫ Dgx A100 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.071

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@nvidia.com	6	0.8	5.2	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CWE-1231 Improper Prevention of Lock Bit Modification

The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bit from being modified after it has been set.

https://nvidia.custhelp.com/app/answers/detail/a_id/5435

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-42285

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-42285

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-42285

EUVD