CVE-2022-31600

HIGH Year: 2022
CVSS v3 Score
8.2
High
CVSS v2 Score
4.6
Medium
Weakness Type
CWE-190
View all →

Vulnerability Description

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and information disclosure. The scope of impact can extend to other components.

Related Vulnerabilities

CVE-2019-5040

HIGH
CVSS:8.2(High)

An exploitable information disclosure vulnerability exists in the Weave MessageLayer parsing of Openweave-core version 4.0.2 and Nest Cam IQ Indoor version 4620002. A specially crafted weave packet ca...

CWE-1902019

CVE-2020-10543

HIGH
CVSS:8.2(High)

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CWE-1902020

CVE-2020-11263

HIGH
CVSS:8.2(High)

An integer overflow due to improper check performed after the address and size passed are aligned in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Sn...

CWE-1902020

CVE-2020-2742

HIGH
CVSS:8.2(High)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily explo...

CWE-1902020

CVE-2020-6059

HIGH
CVSS:8.2(High)

An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out of bounds memory read which ca...

CWE-1902020

CVE-2021-4206

HIGH
CVSS:8.2(High)

A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based...

CWE-1902021