Description
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- NVIDIA / BlueField 1All versions after 18.24.1000 – All versions after 18.24.1000
- NVIDIA / BlueField 2 GAAll versions prior to 24.38.1002 – All versions prior to 24.38.1002
- NVIDIA / BlueField 2 LTSAll versions prior to 24.35.3006 – All versions prior to 24.35.3006
- NVIDIA / BlueField 3 GAAll versions prior to 32.38.1002 – All versions prior to 32.38.1002