NVIDIA ConnectX Firmware Vulnerability Could Lead to Denial of Service and Data Tampering
CVE-2024-0105
8.9HIGH
Key Information
- Vendor
- Nvidia
- Status
- Connectx4
- Connectx4 Lx
- Connectx Ga
- Connectx Lts22
- Vendor
- CVE Published:
- 1 November 2024
Summary
NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.
Affected Version(s)
ConnectX4 = All versions prior to 12.28.2302
ConnectX4 LX = All versions prior to xx.32.1900
ConnectX GA = All versions prior to xx.41.1000
CVSS V3.1
Score:
8.9
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database