CVE-2024-0106

CWE-2743 documents3 sources

Severity

8.7HIGH

EPSS

0.1%

top 79.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Bluefield 1 Nvidia Bluefield GA Nvidia Bluefield Lts22 +1 more

Timeline

PublishedNov 1

Description

NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages4 packages

▶CVEListV5nvidia/bluefield_1All versions prior to 18.31.1014

▶CVEListV5nvidia/bluefield_gaAll versions prior to xx.41.1000

▶CVEListV5nvidia/bluefield_lts22All versions prior to xx.35.4030

▶CVEListV5nvidia/bluefield_lts23All versions prior to xx.39.3560

🔴Vulnerability Details

GHSA

GHSA-83qc-96jm-c5q7: NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling o↗2024-11-01

▶

CVEList

CVE-2024-0106: NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling o↗2024-11-01

▶