User Management Error in NVIDIA ConnectX Host Firmware for BlueField Data Processing Unit
CVE-2023-25519

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Bluefield 1; Bluefield 2 Lts; Bluefield 2 Ga; Bluefield 3 Ga
Vendor: CVE Published:; 12 September 2023

Summary

The NVIDIA ConnectX Host Firmware utilized in BlueField Data Processing Units is affected by a vulnerability that permits a restricted host to trigger an erroneous user management process. This flaw creates a potential pathway for privilege escalation, allowing unauthorized users to gain access to higher privileges than intended within the system.

Affected Version(s)

BlueField 1 All versions after 18.24.1000

BlueField 2 GA All versions prior to 24.38.1002

BlueField 2 LTS All versions prior to 24.35.3006

References

https://https://nvidia.custhelp.com/app/answers/detail/a_...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Feb 7, 2023