N/A

NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components.

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

在缓冲区结束位置之后访问内存

NVIDIA DGX-1 缓冲区错误漏洞

NVIDIA DGX-1是美国英伟达（NVIDIA）公司的一款应用于深度学习的个人计算机设备。 NVIDIA DGX-1 Servers存在安全漏洞，该漏洞源于预条件堆可以允许具有提升权限的用户导致超出缓冲区末尾的访问，这可能导致代码执行、权限升级、拒绝服务和信息披露。

N/A

N/A