CVE-2022-42285

EPSS 0.03%
Published 13.01.2023 02:15:08
Last modified 21.11.2024 07:24:40
Source psirt@nvidia.com
Teams watchlist Login
Open Login

DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Nvidia ≫ Sbios Version < 1.18

Nvidia ≫ Dgx A100 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.071

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@nvidia.com	6	0.8	5.2	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CWE-1231 Improper Prevention of Lock Bit Modification

The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bit from being modified after it has been set.

https://nvidia.custhelp.com/app/answers/detail/a_id/5435

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-42285

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-42285

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-42285

EUVD