CVE-2023-0203 — Insufficient Granularity of Access Control in Nvidia Connectx Firmware

CWE-1220 — Insufficient Granularity of Access Control3 documents3 sources

Severity

7.7HIGHNVD

CNA5.0

EPSS

0.1%

top 81.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Connectx Firmware Nvidia Connectx Firmware

Timeline

PublishedApr 22

Description

NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 3.1 | Impact: 4.0

Affected Packages2 packages

▶NVDnvidia/connectx_firmware< 35.1012

▶CVEListV5nvidia/nvidia_connectx_firmwareAll versions prior to 35.1012

🔴Vulnerability Details

CVEList

CVE-2023-0203: NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granu↗2023-04-22

▶

GHSA

GHSA-9hf4-r86q-ffr6: NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granu↗2023-04-22

▶