Description
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.
References (1)
Core References
Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5562
Scores
CVSS v3: 8.7
EPSS: 0.0006
EPSS Percentile: 20.1%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-274
Status: published
Products (4)
NVIDIA/BlueField 1: All versions prior to 18.31.1014
NVIDIA/BlueField GA: All versions prior to xx.41.1000
NVIDIA/BlueField LTS22: All versions prior to xx.35.4030
NVIDIA/BlueField LTS23: All versions prior to xx.39.3560
Published: Nov 01, 2024
Tracked Since: Feb 18, 2026