Access Control Vulnerabilities in NVIDIA ConnectX Network Interface Cards
CVE-2023-0205

5MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvidia Connectx Firmware
Vendor: CVE Published:; 22 April 2023

Summary

NVIDIA's ConnectX-5, ConnectX-6, and ConnectX6-DX models are affected by a vulnerability in the NIC firmware that allows unprivileged users to exploit insufficient granularity of access control. This may result in a denial of service, compromising the functionality of the affected network interfaces. It is critical for users to evaluate their environment and apply recommended security measures as outlined in NVIDIA's response to this issue, ensuring that their systems remain secure.

Affected Version(s)

NVIDIA ConnectX Firmware All versions prior to 35.1012

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5459

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 22, 2023
Vulnerability Reserved
Jan 11, 2023