Description
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
High
Availability
High
Affected products
- NVIDIA / BlueField 1All versions prior to 18.31.1014 – All versions prior to 18.31.1014
- NVIDIA / BlueField GAAll versions prior to xx.41.1000 – All versions prior to xx.41.1000
- NVIDIA / BlueField LTS22All versions prior to xx.35.4030 – All versions prior to xx.35.4030
- NVIDIA / BlueField LTS23All versions prior to xx.39.3560 – All versions prior to xx.39.3560