CVE-2023-25519

Summary

NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges. 

Affected Software

VendorProductVersion RangeStatus
NVIDIABlueField 1All versions after 18.24.1000affected
NVIDIABlueField 2 LTSAll versions prior to 24.35.3006affected
NVIDIABlueField 2 GAAll versions prior to 24.38.1002affected
NVIDIABlueField 3 GAAll versions prior to 32.38.1002affected

Weaknesses

  • CWE-286: CWE-286

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References