CVE-2024-0106

Summary

NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.

Affected Software

VendorProductVersion RangeStatus
NVIDIABlueField 1All versions prior to 18.31.1014affected
NVIDIABlueField GAAll versions prior to xx.41.1000affected
NVIDIABlueField LTS22All versions prior to xx.35.4030affected
NVIDIABlueField LTS23All versions prior to xx.39.3560affected

Weaknesses

  • CWE-274: CWE-274

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References