Vulnerability Description
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| NVIDIA | BlueField 1 Firmware | >= 18.24.1000 |
| NVIDIA | BlueField 1 | - |
| NVIDIA | BlueField 2 LTS Firmware | < 24.35.3006 |
| NVIDIA | BlueField 2 LTS | - |
| NVIDIA | BlueField 2 GA Firmware | < 24.38.1002 |
| NVIDIA | BlueField 2 GA | - |
| NVIDIA | BlueField 3 GA Firmware | < 32.38.1002 |
| NVIDIA | BlueField 3 GA | - |
Related Weaknesses (CWE)
References
- https://https://nvidia.custhelp.com/app/answers/detail/a_id/5479 (Broken Link)
- https://nvidia.custhelp.com/app/answers/detail/a_id/5479 (Vendor Advisory)
FAQ
What is CVE-2023-25519?
CVE-2023-25519 is a vulnerability with a CVSS score of 7.8 (HIGH). NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulner...
How severe is CVE-2023-25519?
CVE-2023-25519 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-25519?
Check the references section above for vendor advisories and patch information. Affected products include: NVIDIA BlueField 1 Firmware, NVIDIA BlueField 1, NVIDIA BlueField 2 LTS Firmware, NVIDIA BlueField 2 LTS, NVIDIA BlueField 2 GA Firmware.