CVE-2023-25506

EPSS 0.05%
Veröffentlicht 22.04.2023 03:15:10
Zuletzt bearbeitet 21.11.2024 07:49:37
Quelle psirt@nvidia.com
CVE-Watchlists
Login
Unerledigt
Login

NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nvidia ≫ Sbios Version < 52w_3a13

Nvidia ≫ Dgx-1 Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.157

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.2	1.5	6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
psirt@nvidia.com	7.5	0.8	6	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CWE-788 Access of Memory Location After End of Buffer

The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.

https://nvidia.custhelp.com/app/answers/detail/a_id/5458

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-25506

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-25506

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-25506

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-25506