CVE-2023-25506 — HIGH (7.5)

Q: How severe is CVE-2023-25506?

CVE-2023-25506 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-25506?

Check the references section above for vendor advisories and patch information. Affected products include: Nvidia Sbios, Nvidia Dgx-1.

Vulnerability Description

NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Nvidia	Sbios	< 52w_3a13
Nvidia	Dgx-1	-

Related Weaknesses (CWE)

CWE-788 CWE-787

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5458Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5458Vendor Advisory

FAQ

What is CVE-2023-25506?

CVE-2023-25506 is a vulnerability with a CVSS score of 7.5 (HIGH). NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code ...

How severe is CVE-2023-25506?

CVE-2023-25506 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-25506?

Check the references section above for vendor advisories and patch information. Affected products include: Nvidia Sbios, Nvidia Dgx-1.