NVIDIA ConnectX Firmware Vulnerability Could Lead to Denial of Service and Data Tampering
CVE-2024-0105
8.9 HIGH
Key Information:
- Vendor: Nvidia
- CVE Published: 1 November 2024
Summary
The NVIDIA ConnectX firmware contains a vulnerability caused by improper handling of insufficient privileges. An attacker can potentially exploit this flaw to cause denial of service, data tampering, and limited information disclosure. Organizations running vulnerable versions of ConnectX products should prioritize updates and mitigations.
Affected Version(s)
BlueField 1 All versions prior to 18.31.1014
BlueField GA BlueField 2 All versions prior to xx.41.1000
BlueField LTS22 BlueField 2 All versions prior to xx.35.4030
CVSS V3.1
- Score: 8.9
- Severity: HIGH
- Confidentiality: Low
- Integrity: High
- Availability: Low
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved