CVE-2024-0105 — Improper Handling of Insufficient Privileges in Nvidia Bluefield 1

CWE-274 — Improper Handling of Insufficient Privileges3 documents3 sources

Severity

8.9HIGHNVD

EPSS

0.1%

top 75.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Bluefield 1 Nvidia Bluefield GA Nvidia Bluefield Lts22 +6 more

Timeline

PublishedNov 1

Description

NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages9 packages

▶CVEListV5nvidia/connectx4All versions prior to 12.28.2302

▶CVEListV5nvidia/connectx_gaAll versions prior to xx.41.1000

▶CVEListV5nvidia/connectx4_lxAll versions prior to xx.32.1900

▶CVEListV5nvidia/connectx_lts22All versions prior to xx.35.4030

▶CVEListV5nvidia/connectx_lts23All versions prior to xx.39.3560

🔴Vulnerability Details

GHSA

GHSA-cp5j-wrwq-37jx: NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue↗2024-11-01

▶

CVEList

CVE-2024-0105: NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue↗2024-11-01

▶