Preconditioned Heap Access Beyond Buffer in NVIDIA DGX-1's AMI SBIOS

Preconditioned Heap Access Beyond Buffer in NVIDIA DGX-1's AMI SBIOS

CVE-2023-25506 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components.

Learn more about our Cis Benchmark Audit For Apple Ios.