Improper Validation of Array Index

CVE-2022-31603

Medium

6.4/10

Summary

NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosure.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-129 - Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References

Advisory Timeline

Published Jul 04, 2022

Improper Validation of Array Index

CVE-2022-31603

Summary

CWE-129 - Improper Validation of Array Index

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS