CVE-2025-23259

Summary

NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver (PMD), where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network interface.

Affected Software

VendorProductVersion RangeStatus
NVIDIAMellanox DPDK 22.11All versions prior to 22.11_2504.1.0affected
NVIDIAMellanox DPDK 22.11All versions prior to 22.11_2410 LTSaffected
NVIDIAMellanox DPDK 22.11All versions prior to 22.11_2310 LTSaffected
NVIDIAMellanox DPDK 20.11All versions prior to 20.11_7.8.0 LTSaffected
NVIDIAUpstream DPDKAll versions prior to 25.07affected
NVIDIAUpstream DPDKAll versions prior to 24.11.3 LTSaffected
NVIDIAUpstream DPDKAll versions prior to 23.11.5 LTSaffected
NVIDIAUpstream DPDKAll versions prior to 22.11.10 LTSaffected

Weaknesses

  • CWE-362: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References