NVIDIA BlueField DPU Vulnerability Could Lead to Denial of Service, Data Tampering, and Limited Information Disclosure
CVE-2024-0106

8.7 HIGH

Key Information:

Vendor: Nvidia
CVE Published: 1 November 2024

Summary

The NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains an improper privilege handling vulnerability. An attacker who exploits it could cause denial of service, data tampering, and limited information disclosure. Addressing this risk is important for maintaining the integrity and availability of systems that use NVIDIA technology.

Affected Version(s)

BlueField 1 All versions prior to 18.31.1014

BlueField GA BlueField 2 All versions prior to xx.41.1000

BlueField LTS22 BlueField 2 All versions prior to xx.35.4030

CVSS V3.1

Score: 8.7
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
