Description
NVIDIA ConnectX contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
High
Affected products
- NVIDIA / ConnectX-4All versions prior to 12.28.2704 – All versions prior to 12.28.2704
- NVIDIA / ConnectX-4 LXAll versions prior to 14.32.1908 – All versions prior to 14.32.1908
- NVIDIA / ConnectX GAAll versions prior to 45.1020 – All versions prior to 45.1020
- NVIDIA / ConnectX LTS22All versions prior to 35.4554 – All versions prior to 35.4554
- NVIDIA / ConnectX LTS23All versions prior to 39.5050 – All versions prior to 39.5050
- NVIDIA / ConnectX LTS24All versions prior to 43.3608 – All versions prior to 43.3608