CVE-2024-0105

Summary

NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.

Affected Software

VendorProductVersion RangeStatus
NVIDIAConnectX4All versions prior to 12.28.2302affected
NVIDIAConnectX4 LXAll versions prior to xx.32.1900affected
NVIDIAConnectX GAAll versions prior to xx.41.1000affected
NVIDIAConnectX LTS22All versions prior to xx.35.4030affected
NVIDIAConnectX LTS23All versions prior to xx.39.3560affected
NVIDIABlueField 1All versions prior to 18.31.1014affected
NVIDIABlueField GAAll versions prior to xx.41.1000affected
NVIDIABlueField LTS22All versions prior to xx.35.4030affected
NVIDIABlueField LTS23All versions prior to xx.39.3560affected

Weaknesses

  • CWE-274: CWE-274

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References