Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    12 vulnerabilities found for BlueField GA by NVIDIA

    CVE-2025-23351 (GCVE-0-2025-23351)

    Vulnerability from nvd – Published: 2026-07-01 14:39 – Updated: 2026-07-01 16:03
    VLAI
    Summary
    NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA BlueField GA Affected: All versions prior to 46.3008
    Create a notification for this product.
    NVIDIA BlueField LTS22 Affected: All versions prior to 35.8002
    Create a notification for this product.
    NVIDIA BlueField LTS23 Affected: All versions prior to 39.8002
    Create a notification for this product.
    NVIDIA BlueField LTS24 Affected: All versions prior to 43.8002
    Create a notification for this product.
    NVIDIA ConnectX GA Affected: All versions prior to 46.3008
    Create a notification for this product.
    NVIDIA ConnectX LTS22 Affected: All versions prior to 35.8002
    Create a notification for this product.
    NVIDIA ConnectX LTS23 Affected: All versions prior to 39.8002
    Create a notification for this product.
    NVIDIA ConnectX LTS24 Affected: All versions prior to 43.8002
    Create a notification for this product.
    NVIDIA ConnectX-4 Affected: All versions prior to 28.4702
    Create a notification for this product.
    NVIDIA ConnectX-4 LX Affected: All versions prior to 32.1908
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23351",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T16:03:00.538625Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T16:03:10.537Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(46)",
                "BlueField-3(46)"
              ],
              "product": "BlueField GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 46.3008"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(35)"
              ],
              "product": "BlueField LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(39)",
                "BlueField-3(39)"
              ],
              "product": "BlueField LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(43)",
                "BlueField-3(43)"
              ],
              "product": "BlueField LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7",
                "ConnectX-8"
              ],
              "product": "ConnectX GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 46.3008"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-5*",
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "N/A(28)"
              ],
              "product": "ConnectX-4",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 28.4702"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "N/A(32)"
              ],
              "product": "ConnectX-4 LX",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 32.1908"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device."
                }
              ],
              "value": "NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:39:03.200Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23351"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-23351"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5699"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2025-23351",
        "datePublished": "2026-07-01T14:39:03.200Z",
        "dateReserved": "2025-01-14T01:07:21.737Z",
        "dateUpdated": "2026-07-01T16:03:10.537Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-23350 (GCVE-0-2025-23350)

    Vulnerability from nvd – Published: 2026-07-01 14:36 – Updated: 2026-07-01 16:03
    VLAI
    Summary
    NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA BlueField GA Affected: All versions prior to 46.3008
    Create a notification for this product.
    NVIDIA BlueField LTS22 Affected: All versions prior to 35.8002
    Create a notification for this product.
    NVIDIA BlueField LTS23 Affected: All versions prior to 39.8002
    Create a notification for this product.
    NVIDIA BlueField LTS24 Affected: All versions prior to 43.8002
    Create a notification for this product.
    NVIDIA ConnectX GA Affected: All versions prior to 46.3008
    Create a notification for this product.
    NVIDIA ConnectX LTS22 Affected: All versions prior to 35.8002
    Create a notification for this product.
    NVIDIA ConnectX LTS23 Affected: All versions prior to 39.8002
    Create a notification for this product.
    NVIDIA ConnectX LTS24 Affected: All versions prior to 43.8002
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23350",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T16:03:24.450922Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T16:03:30.696Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(46)",
                "BlueField-3(46)"
              ],
              "product": "BlueField GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 46.3008"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(35)"
              ],
              "product": "BlueField LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(39)",
                "BlueField-3(39)"
              ],
              "product": "BlueField LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(43)",
                "BlueField-3(43)"
              ],
              "product": "BlueField LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7",
                "ConnectX-8"
              ],
              "product": "ConnectX GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 46.3008"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-5*",
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.8002"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device."
                }
              ],
              "value": "NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:36:19.755Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23350"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-23350"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5699"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2025-23350",
        "datePublished": "2026-07-01T14:36:19.755Z",
        "dateReserved": "2025-01-14T01:07:21.737Z",
        "dateUpdated": "2026-07-01T16:03:30.696Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-23299 (GCVE-0-2025-23299)

    Vulnerability from nvd – Published: 2025-10-22 15:14 – Updated: 2025-10-22 17:54
    VLAI
    Summary
    NVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could allow a malicious actor with high privilege access to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA BlueField GA Affected: All versions prior to 46.1006
    Create a notification for this product.
    NVIDIA BlueField LTS22 Affected: All versions prior to 35.4554
    Create a notification for this product.
    NVIDIA BlueField LTS23 Affected: All versions prior to 39.5050
    Create a notification for this product.
    NVIDIA BlueField LTS24 Affected: All versions prior to 43.3608
    Create a notification for this product.
    NVIDIA ConnectX GA Affected: All versions prior to 46.1006
    Create a notification for this product.
    NVIDIA ConnectX LTS22 Affected: All versions prior to 35.4554
    Create a notification for this product.
    NVIDIA ConnectX LTS23 Affected: All versions prior to 39.5050
    Create a notification for this product.
    NVIDIA ConnectX LTS24 Affected: All versions prior to 43.3608
    Create a notification for this product.
    NVIDIA ConnectX-4 LX Affected: All versions prior to 32.1908
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23299",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-22T17:53:56.225836Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-22T17:54:09.412Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2",
                "BludField-3"
              ],
              "product": "BlueField GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 46.1006"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2"
              ],
              "product": "BlueField LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.4554"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2",
                "BlueField-3"
              ],
              "product": "BlueField LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.5050"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2",
                "BlueField-3"
              ],
              "product": "BlueField LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.3608"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7",
                "ConnectX-8"
              ],
              "product": "ConnectX GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 46.1006"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-5",
                "ConnectX-6",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.4554"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.5050"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.3608"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "N/A"
              ],
              "product": "ConnectX-4 LX",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 32.1908"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could allow a malicious actor with high privilege access to execute arbitrary code."
                }
              ],
              "value": "NVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could allow a malicious actor with high privilege access to execute arbitrary code."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-22T15:14:10.015Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23299"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-23299"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5684"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2025-23299",
        "datePublished": "2025-10-22T15:14:10.015Z",
        "dateReserved": "2025-01-14T01:06:26.350Z",
        "dateUpdated": "2025-10-22T17:54:09.412Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-23256 (GCVE-0-2025-23256)

    Vulnerability from nvd – Published: 2025-09-04 15:50 – Updated: 2025-09-04 18:58
    VLAI
    Summary
    NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA BlueField GA Affected: All versions prior to 45.1020
    Create a notification for this product.
    NVIDIA BlueField LTS22 Affected: All versions prior to 35.4554
    Create a notification for this product.
    NVIDIA BlueField LTS23 Affected: All versions prior to 39.5050
    Create a notification for this product.
    NVIDIA BlueField LTS24 Affected: All versions prior to 43.3608
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23256",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-04T18:52:03.269950Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-04T18:58:08.951Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2",
                "BlueField-3"
              ],
              "product": "BlueField GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 45.1020"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2"
              ],
              "product": "BlueField LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.4554"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2",
                "BlueField-3"
              ],
              "product": "BlueField LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.5050"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2",
                "BlueField-3"
              ],
              "product": "BlueField LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.3608"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering."
                }
              ],
              "value": "NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Escalation of privileges, denial of service, information disclosure, data tampering"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-04T15:50:50.490Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23256"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-23256"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5655"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2025-23256",
        "datePublished": "2025-09-04T15:50:50.490Z",
        "dateReserved": "2025-01-14T01:06:22.262Z",
        "dateUpdated": "2025-09-04T18:58:08.951Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0106 (GCVE-0-2024-0106)

    Vulnerability from nvd – Published: 2024-11-01 05:53 – Updated: 2024-11-01 14:14
    VLAI
    Summary
    NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA BlueField 1 Affected: All versions prior to 18.31.1014
    Create a notification for this product.
    NVIDIA BlueField GA Affected: All versions prior to xx.41.1000
    Create a notification for this product.
    NVIDIA BlueField LTS22 Affected: All versions prior to xx.35.4030
    Create a notification for this product.
    NVIDIA BlueField LTS23 Affected: All versions prior to xx.39.3560
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0106",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T14:02:24.208333Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T14:14:53.960Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BlueField 1",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 18.31.1014"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField 2",
                "BlueField 3"
              ],
              "product": "BlueField GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to xx.41.1000"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField 2"
              ],
              "product": "BlueField LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to xx.35.4030"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField 2",
                "BlueField 3"
              ],
              "product": "BlueField LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to xx.39.3560"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Data tampering, denial of service, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-274",
                  "description": "CWE-274",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-01T05:53:31.345Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5562"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2024-0106",
        "datePublished": "2024-11-01T05:53:31.345Z",
        "dateReserved": "2023-12-02T00:42:16.005Z",
        "dateUpdated": "2024-11-01T14:14:53.960Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0105 (GCVE-0-2024-0105)

    Vulnerability from nvd – Published: 2024-11-01 05:36 – Updated: 2024-11-01 14:17
    VLAI
    Summary
    NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA ConnectX4 Affected: All versions prior to 12.28.2302
    Create a notification for this product.
    NVIDIA ConnectX4 LX Affected: All versions prior to xx.32.1900
    Create a notification for this product.
    NVIDIA ConnectX GA Affected: All versions prior to xx.41.1000
    Create a notification for this product.
    NVIDIA ConnectX LTS22 Affected: All versions prior to xx.35.4030
    Create a notification for this product.
    NVIDIA ConnectX LTS23 Affected: All versions prior to xx.39.3560
    Create a notification for this product.
    NVIDIA BlueField 1 Affected: All versions prior to 18.31.1014
    Create a notification for this product.
    NVIDIA BlueField GA Affected: All versions prior to xx.41.1000
    Create a notification for this product.
    NVIDIA BlueField LTS22 Affected: All versions prior to xx.35.4030
    Create a notification for this product.
    NVIDIA BlueField LTS23 Affected: All versions prior to xx.39.3560
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0105",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T14:16:56.978053Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T14:17:06.384Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ConnectX4",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 12.28.2302"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ConnectX4 LX",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to xx.32.1900"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX 6",
                "ConnectX 6 DX",
                "ConnectX 6 LX",
                "ConnectX 7"
              ],
              "product": "ConnectX GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to xx.41.1000"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX 5",
                "ConnectX 6",
                "ConnectX 6 DX",
                "ConnectX 6 LX",
                "ConnectX 7"
              ],
              "product": "ConnectX LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to xx.35.4030"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX 6",
                "ConnectX 6 DX",
                "ConnectX 6 LX",
                "ConnectX 7"
              ],
              "product": "ConnectX LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to xx.39.3560"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BlueField 1",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 18.31.1014"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField 2",
                "BlueField 3"
              ],
              "product": "BlueField GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to xx.41.1000"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField 2"
              ],
              "product": "BlueField LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to xx.35.4030"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField 2",
                "BlueField 3"
              ],
              "product": "BlueField LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to xx.39.3560"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.\u003c/span\u003e"
                }
              ],
              "value": "NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service, data tampering, and limited information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-274",
                  "description": "CWE-274",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-01T05:36:06.601Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5562"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2024-0105",
        "datePublished": "2024-11-01T05:36:06.601Z",
        "dateReserved": "2023-12-02T00:42:15.099Z",
        "dateUpdated": "2024-11-01T14:17:06.384Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-23351 (GCVE-0-2025-23351)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:39 – Updated: 2026-07-01 16:03
    VLAI
    Summary
    NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA BlueField GA Affected: All versions prior to 46.3008
    Create a notification for this product.
    NVIDIA BlueField LTS22 Affected: All versions prior to 35.8002
    Create a notification for this product.
    NVIDIA BlueField LTS23 Affected: All versions prior to 39.8002
    Create a notification for this product.
    NVIDIA BlueField LTS24 Affected: All versions prior to 43.8002
    Create a notification for this product.
    NVIDIA ConnectX GA Affected: All versions prior to 46.3008
    Create a notification for this product.
    NVIDIA ConnectX LTS22 Affected: All versions prior to 35.8002
    Create a notification for this product.
    NVIDIA ConnectX LTS23 Affected: All versions prior to 39.8002
    Create a notification for this product.
    NVIDIA ConnectX LTS24 Affected: All versions prior to 43.8002
    Create a notification for this product.
    NVIDIA ConnectX-4 Affected: All versions prior to 28.4702
    Create a notification for this product.
    NVIDIA ConnectX-4 LX Affected: All versions prior to 32.1908
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23351",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T16:03:00.538625Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T16:03:10.537Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(46)",
                "BlueField-3(46)"
              ],
              "product": "BlueField GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 46.3008"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(35)"
              ],
              "product": "BlueField LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(39)",
                "BlueField-3(39)"
              ],
              "product": "BlueField LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(43)",
                "BlueField-3(43)"
              ],
              "product": "BlueField LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7",
                "ConnectX-8"
              ],
              "product": "ConnectX GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 46.3008"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-5*",
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "N/A(28)"
              ],
              "product": "ConnectX-4",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 28.4702"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "N/A(32)"
              ],
              "product": "ConnectX-4 LX",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 32.1908"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device."
                }
              ],
              "value": "NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:39:03.200Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23351"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-23351"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5699"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2025-23351",
        "datePublished": "2026-07-01T14:39:03.200Z",
        "dateReserved": "2025-01-14T01:07:21.737Z",
        "dateUpdated": "2026-07-01T16:03:10.537Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-23350 (GCVE-0-2025-23350)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:36 – Updated: 2026-07-01 16:03
    VLAI
    Summary
    NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA BlueField GA Affected: All versions prior to 46.3008
    Create a notification for this product.
    NVIDIA BlueField LTS22 Affected: All versions prior to 35.8002
    Create a notification for this product.
    NVIDIA BlueField LTS23 Affected: All versions prior to 39.8002
    Create a notification for this product.
    NVIDIA BlueField LTS24 Affected: All versions prior to 43.8002
    Create a notification for this product.
    NVIDIA ConnectX GA Affected: All versions prior to 46.3008
    Create a notification for this product.
    NVIDIA ConnectX LTS22 Affected: All versions prior to 35.8002
    Create a notification for this product.
    NVIDIA ConnectX LTS23 Affected: All versions prior to 39.8002
    Create a notification for this product.
    NVIDIA ConnectX LTS24 Affected: All versions prior to 43.8002
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23350",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T16:03:24.450922Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T16:03:30.696Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(46)",
                "BlueField-3(46)"
              ],
              "product": "BlueField GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 46.3008"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(35)"
              ],
              "product": "BlueField LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(39)",
                "BlueField-3(39)"
              ],
              "product": "BlueField LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(43)",
                "BlueField-3(43)"
              ],
              "product": "BlueField LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7",
                "ConnectX-8"
              ],
              "product": "ConnectX GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 46.3008"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-5*",
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.8002"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device."
                }
              ],
              "value": "NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:36:19.755Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23350"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-23350"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5699"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2025-23350",
        "datePublished": "2026-07-01T14:36:19.755Z",
        "dateReserved": "2025-01-14T01:07:21.737Z",
        "dateUpdated": "2026-07-01T16:03:30.696Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-23299 (GCVE-0-2025-23299)

    Vulnerability from cvelistv5 – Published: 2025-10-22 15:14 – Updated: 2025-10-22 17:54
    VLAI
    Summary
    NVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could allow a malicious actor with high privilege access to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA BlueField GA Affected: All versions prior to 46.1006
    Create a notification for this product.
    NVIDIA BlueField LTS22 Affected: All versions prior to 35.4554
    Create a notification for this product.
    NVIDIA BlueField LTS23 Affected: All versions prior to 39.5050
    Create a notification for this product.
    NVIDIA BlueField LTS24 Affected: All versions prior to 43.3608
    Create a notification for this product.
    NVIDIA ConnectX GA Affected: All versions prior to 46.1006
    Create a notification for this product.
    NVIDIA ConnectX LTS22 Affected: All versions prior to 35.4554
    Create a notification for this product.
    NVIDIA ConnectX LTS23 Affected: All versions prior to 39.5050
    Create a notification for this product.
    NVIDIA ConnectX LTS24 Affected: All versions prior to 43.3608
    Create a notification for this product.
    NVIDIA ConnectX-4 LX Affected: All versions prior to 32.1908
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23299",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-22T17:53:56.225836Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-22T17:54:09.412Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2",
                "BludField-3"
              ],
              "product": "BlueField GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 46.1006"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2"
              ],
              "product": "BlueField LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.4554"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2",
                "BlueField-3"
              ],
              "product": "BlueField LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.5050"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2",
                "BlueField-3"
              ],
              "product": "BlueField LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.3608"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7",
                "ConnectX-8"
              ],
              "product": "ConnectX GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 46.1006"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-5",
                "ConnectX-6",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.4554"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.5050"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.3608"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "N/A"
              ],
              "product": "ConnectX-4 LX",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 32.1908"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could allow a malicious actor with high privilege access to execute arbitrary code."
                }
              ],
              "value": "NVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could allow a malicious actor with high privilege access to execute arbitrary code."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-22T15:14:10.015Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23299"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-23299"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5684"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2025-23299",
        "datePublished": "2025-10-22T15:14:10.015Z",
        "dateReserved": "2025-01-14T01:06:26.350Z",
        "dateUpdated": "2025-10-22T17:54:09.412Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-23256 (GCVE-0-2025-23256)

    Vulnerability from cvelistv5 – Published: 2025-09-04 15:50 – Updated: 2025-09-04 18:58
    VLAI
    Summary
    NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA BlueField GA Affected: All versions prior to 45.1020
    Create a notification for this product.
    NVIDIA BlueField LTS22 Affected: All versions prior to 35.4554
    Create a notification for this product.
    NVIDIA BlueField LTS23 Affected: All versions prior to 39.5050
    Create a notification for this product.
    NVIDIA BlueField LTS24 Affected: All versions prior to 43.3608
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23256",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-04T18:52:03.269950Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-04T18:58:08.951Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2",
                "BlueField-3"
              ],
              "product": "BlueField GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 45.1020"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2"
              ],
              "product": "BlueField LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.4554"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2",
                "BlueField-3"
              ],
              "product": "BlueField LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.5050"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2",
                "BlueField-3"
              ],
              "product": "BlueField LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.3608"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering."
                }
              ],
              "value": "NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Escalation of privileges, denial of service, information disclosure, data tampering"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-04T15:50:50.490Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23256"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-23256"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5655"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2025-23256",
        "datePublished": "2025-09-04T15:50:50.490Z",
        "dateReserved": "2025-01-14T01:06:22.262Z",
        "dateUpdated": "2025-09-04T18:58:08.951Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0106 (GCVE-0-2024-0106)

    Vulnerability from cvelistv5 – Published: 2024-11-01 05:53 – Updated: 2024-11-01 14:14
    VLAI
    Summary
    NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA BlueField 1 Affected: All versions prior to 18.31.1014
    Create a notification for this product.
    NVIDIA BlueField GA Affected: All versions prior to xx.41.1000
    Create a notification for this product.
    NVIDIA BlueField LTS22 Affected: All versions prior to xx.35.4030
    Create a notification for this product.
    NVIDIA BlueField LTS23 Affected: All versions prior to xx.39.3560
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0106",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T14:02:24.208333Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T14:14:53.960Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BlueField 1",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 18.31.1014"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField 2",
                "BlueField 3"
              ],
              "product": "BlueField GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to xx.41.1000"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField 2"
              ],
              "product": "BlueField LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to xx.35.4030"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField 2",
                "BlueField 3"
              ],
              "product": "BlueField LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to xx.39.3560"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Data tampering, denial of service, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-274",
                  "description": "CWE-274",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-01T05:53:31.345Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5562"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2024-0106",
        "datePublished": "2024-11-01T05:53:31.345Z",
        "dateReserved": "2023-12-02T00:42:16.005Z",
        "dateUpdated": "2024-11-01T14:14:53.960Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0105 (GCVE-0-2024-0105)

    Vulnerability from cvelistv5 – Published: 2024-11-01 05:36 – Updated: 2024-11-01 14:17
    VLAI
    Summary
    NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA ConnectX4 Affected: All versions prior to 12.28.2302
    Create a notification for this product.
    NVIDIA ConnectX4 LX Affected: All versions prior to xx.32.1900
    Create a notification for this product.
    NVIDIA ConnectX GA Affected: All versions prior to xx.41.1000
    Create a notification for this product.
    NVIDIA ConnectX LTS22 Affected: All versions prior to xx.35.4030
    Create a notification for this product.
    NVIDIA ConnectX LTS23 Affected: All versions prior to xx.39.3560
    Create a notification for this product.
    NVIDIA BlueField 1 Affected: All versions prior to 18.31.1014
    Create a notification for this product.
    NVIDIA BlueField GA Affected: All versions prior to xx.41.1000
    Create a notification for this product.
    NVIDIA BlueField LTS22 Affected: All versions prior to xx.35.4030
    Create a notification for this product.
    NVIDIA BlueField LTS23 Affected: All versions prior to xx.39.3560
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0105",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T14:16:56.978053Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T14:17:06.384Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ConnectX4",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 12.28.2302"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ConnectX4 LX",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to xx.32.1900"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX 6",
                "ConnectX 6 DX",
                "ConnectX 6 LX",
                "ConnectX 7"
              ],
              "product": "ConnectX GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to xx.41.1000"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX 5",
                "ConnectX 6",
                "ConnectX 6 DX",
                "ConnectX 6 LX",
                "ConnectX 7"
              ],
              "product": "ConnectX LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to xx.35.4030"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX 6",
                "ConnectX 6 DX",
                "ConnectX 6 LX",
                "ConnectX 7"
              ],
              "product": "ConnectX LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to xx.39.3560"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BlueField 1",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 18.31.1014"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField 2",
                "BlueField 3"
              ],
              "product": "BlueField GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to xx.41.1000"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField 2"
              ],
              "product": "BlueField LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to xx.35.4030"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField 2",
                "BlueField 3"
              ],
              "product": "BlueField LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to xx.39.3560"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.\u003c/span\u003e"
                }
              ],
              "value": "NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service, data tampering, and limited information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-274",
                  "description": "CWE-274",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-01T05:36:06.601Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5562"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2024-0105",
        "datePublished": "2024-11-01T05:36:06.601Z",
        "dateReserved": "2023-12-02T00:42:15.099Z",
        "dateUpdated": "2024-11-01T14:17:06.384Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }