CVE-2023-0205

CWE-12203 documents3 sources

Severity

7.7HIGH

EPSS

0.1%

top 81.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Connectx Firmware Nvidia Nvidia Connectx Firmware

Timeline

PublishedApr 22

Description

NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:LExploitability: 3.1 | Impact: 1.4

Affected Packages2 packages

▶NVDnvidia/connectx_firmware< 35.1012

▶CVEListV5nvidia/nvidia_connectx_firmwareAll versions prior to 35.1012

🔴Vulnerability Details

CVEList

CVE-2023-0205: NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granu↗2023-04-22

▶

GHSA

GHSA-prwg-9hmq-gj4j: NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granu↗2023-04-22

▶