What is CVE-2022-42278?

CVE-2022-42278 is a high-severity vulnerability in Nvidia Dgx Servers, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.2/10. Published 2023-01-13.

How severe is CVE-2022-42278?

High severity. CVSS v3 base score is 7.2 out of 10.

Buffer overflow in Nvidia Dgx Servers

CVE-2022-42278

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, informat…

Vulnerability class: Buffer Overflow

EPSS: 0.004 (63.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Nvidia Dgx Servers — versions All BMC firmware versions prior to 00.19.07

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

nvidia.custhelp.com/app/answers/detail/a_id/5435

Frequently asked questions

What is CVE-2022-42278?: CVE-2022-42278 is a high-severity vulnerability in Nvidia Dgx Servers, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.2/10. Published 2023-01-13.
How severe is CVE-2022-42278?: High severity. CVSS v3 base score is 7.2 out of 10.