CVE-2023-0204

CWE-703 CWE-755 — Improper Exception Handling3 documents3 sources

Severity

7.7HIGH

EPSS

0.2%

top 61.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Connectx Firmware Nvidia Nvidia Connectx Firmware

Timeline

PublishedApr 22

Description

NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages2 packages

▶NVDnvidia/connectx_firmware< 35.1012

▶CVEListV5nvidia/nvidia_connectx_firmwareAll versions prior to 35.1012

🔴Vulnerability Details

CVEList

CVE-2023-0204: NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of↗2023-04-22

▶

GHSA

GHSA-w8gr-qr68-9pm5: NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of↗2023-04-22

▶