CVE-2025-23351

Summary

NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.

Affected Software

VendorProductVersion RangeStatus
NVIDIABlueField GAAll versions prior to 46.3008affected
NVIDIABlueField LTS22All versions prior to 35.8002affected
NVIDIABlueField LTS23All versions prior to 39.8002affected
NVIDIABlueField LTS24All versions prior to 43.8002affected
NVIDIAConnectX GAAll versions prior to 46.3008affected
NVIDIAConnectX LTS22All versions prior to 35.8002affected
NVIDIAConnectX LTS23All versions prior to 39.8002affected
NVIDIAConnectX LTS24All versions prior to 43.8002affected
NVIDIAConnectX-4All versions prior to 28.4702affected
NVIDIAConnectX-4 LXAll versions prior to 32.1908affected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References