Severity by source
Primary rating from vendor (NVIDIA): CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Rationale: the description specifies a local user with VF access, hence low privileges (PR:L); the vendor vector rates the attack vector as Adjacent (AV:A) rather than Local. The crafted input needs no special conditions (AC:L) and no user interaction (UI:N). Code execution on the device breaks VF isolation, so the scope is Changed (S:C), with full confidentiality, integrity and availability impact (C:H/I:H/A:H).
Description (CVE.org)
NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.
Analysis (AI-generated)
An out-of-bounds write in the command interface of NVIDIA ConnectX SmartNICs and BlueField DPUs allows a local user holding virtual function (VF) access, typically a tenant inside a guest VM, to corrupt device memory with crafted input and potentially achieve arbitrary code execution on the network device itself. Because the CVSS scope is Changed (S:C), a successful exploit crosses the VF isolation boundary and threatens the host and other tenants, which makes this a serious multi-tenant/cloud isolation-breakout risk. No public exploit was identified at the time of analysis, and the CVE is not listed in CISA KEV.
Technical Context (AI-generated)
ConnectX (including ConnectX-4 and ConnectX-4 Lx) and BlueField are Mellanox-derived high-speed Ethernet/InfiniBand adapters and data processing units (DPUs) widely used for SR-IOV virtualization, where a single physical adapter is partitioned into many virtual functions (VFs) that are assigned directly to guest VMs or containers. The flaw is a CWE-787 (Out-of-bounds Write) in the firmware/hardware command interface through which a VF talks to the device: the interface does not adequately validate the crafted input (the advisory does not say which field; in a command interface this is typically a length or an offset) and so permits a write past the intended buffer. This is a classic memory-corruption primitive, but at firmware/device level rather than in host OS software, so a successful write can subvert the device's own execution context and, given the changed scope, the trust boundary between the guest VF and the physical function/host.
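The unchecked offset/length pattern in a command interface, as an added C example: this is not NVIDIA's firmware and does not reflect the real ConnectX/BlueField command format; the mailbox layout, field names, the "private region" and the sample commands are assumptions constructed for the demonstration. It puts a handler that trusts the VF-supplied offset and length beside a hardened one that bounds both without being fooled by integer wraparound, and runs a crafted command that spills past the scratch window.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a NIC command mailbox (not NVIDIA code): a VF submits
 * a header (opcode, payload length, destination offset) plus a payload, and
 * the firmware copies the payload into that VF's scratch window in device
 * memory. The window is followed by device-private state, so an unchecked
 * offset/length lets the VF overwrite what the device itself trusts. */

#define SCRATCH_OFF   0u
#define SCRATCH_SIZE  128u
#define PRIV_OFF      (SCRATCH_OFF + SCRATCH_SIZE)  /* device-private region */
#define DEV_MEM_SIZE  256u
#define PRIV_FILL     0xA5u

struct cmd_hdr {
    uint16_t opcode;
    uint16_t payload_len;   /* VF-controlled */
    uint32_t dst_offset;    /* VF-controlled, relative to the scratch window */
};
struct device { uint8_t mem[DEV_MEM_SIZE]; };
enum { CMD_OK = 0, CMD_EINVAL = -1 };
typedef int (*cmd_handler)(struct device *, const struct cmd_hdr *, const uint8_t *);

/* Vulnerable handler (CWE-787): trusts the VF-supplied offset and length. */
int handle_cmd_vulnerable(struct device *dev, const struct cmd_hdr *h, const uint8_t *payload)
{
    memcpy(dev->mem + SCRATCH_OFF + h->dst_offset, payload, h->payload_len);
    return CMD_OK;
}

/* Hardened handler: [dst_offset, dst_offset + payload_len) must lie inside the
 * scratch window. Checking the offset first and comparing the length against
 * the remaining room avoids the naive "offset + len > SIZE" test, which a VF
 * bypasses by choosing an offset that makes the sum wrap to a small value. */
int handle_cmd_hardened(struct device *dev, const struct cmd_hdr *h, const uint8_t *payload)
{
    if (h->dst_offset >= SCRATCH_SIZE)
        return CMD_EINVAL;
    if (h->payload_len > SCRATCH_SIZE - h->dst_offset)
        return CMD_EINVAL;
    memcpy(dev->mem + SCRATCH_OFF + h->dst_offset, payload, h->payload_len);
    return CMD_OK;
}

/* 1 if the private region still holds its fill pattern, 0 if it was overwritten. */
int priv_region_intact(const struct device *dev)
{
    for (size_t i = PRIV_OFF; i < DEV_MEM_SIZE; i++)
        if (dev->mem[i] != PRIV_FILL)
            return 0;
    return 1;
}

/* Run one command against a freshly initialised device. Returns the handler's
 * status; *intact reports whether the private region survived. Payload bytes
 * are all 0x41; lengths beyond the demo buffer are rejected up front. */
int run_cmd(cmd_handler handler, const struct cmd_hdr *h, int *intact)
{
    static uint8_t payload[DEV_MEM_SIZE];
    struct device dev;
    if (h->payload_len > sizeof payload)
        return CMD_EINVAL;
    memset(payload, 0x41, sizeof payload);
    memset(dev.mem, 0, sizeof dev.mem);
    memset(dev.mem + PRIV_OFF, PRIV_FILL, DEV_MEM_SIZE - PRIV_OFF);
    int rc = handler(&dev, h, payload);
    *intact = priv_region_intact(&dev);
    return rc;
}

/* Single-value wrappers around run_cmd. */
int run_cmd_rc(cmd_handler handler, const struct cmd_hdr *h)
{
    int intact;
    return run_cmd(handler, h, &intact);
}
int run_cmd_intact(cmd_handler handler, const struct cmd_hdr *h)
{
    int intact;
    (void)run_cmd(handler, h, &intact);
    return intact;
}

/* Constructed inputs. `crafted` starts 16 bytes before the end of the window and
 * writes 32, spilling 16 bytes into the private region (still inside dev.mem, so
 * the vulnerable handler can be run on it here). `wrapping` picks an offset so
 * that offset + len overflows uint32_t to 0x10; feed it only to the hardened
 * handler. `benign` fills exactly the whole window. */
static const struct cmd_hdr crafted  = { 0x0101, 32, SCRATCH_SIZE - 16 };
static const struct cmd_hdr wrapping = { 0x0101, 32, 0xFFFFFFF0u };
static const struct cmd_hdr benign   = { 0x0101, SCRATCH_SIZE, 0 };

int main(void)
{
    printf("vulnerable, crafted: rc=%d private region intact=%d\n",
           run_cmd_rc(handle_cmd_vulnerable, &crafted), run_cmd_intact(handle_cmd_vulnerable, &crafted));
    printf("hardened,   crafted: rc=%d private region intact=%d\n",
           run_cmd_rc(handle_cmd_hardened, &crafted), run_cmd_intact(handle_cmd_hardened, &crafted));
    printf("hardened,  wrapping: rc=%d\n", run_cmd_rc(handle_cmd_hardened, &wrapping));
    return 0;
}
```

The interesting case is `wrapping`: a check written as `dst_offset + payload_len > SCRATCH_SIZE` accepts it because the 32-bit sum wraps to 0x10, and the copy then lands far outside device memory. Ordering the checks so that the length is compared against `SCRATCH_SIZE - dst_offset` after the offset has been bounded removes that arithmetic entirely.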
Remediation (AI-generated)
A patch is available per the vendor advisory: apply the fixed firmware/driver builds that NVIDIA publishes in advisory 5699 (https://github.com/NVIDIA/product-security/tree/main/2026/5699) for your ConnectX/BlueField release train (GA or LTS22/LTS23/LTS24). Exact fixed version numbers are not included in the data this page is built from and must be taken from that advisory; treat it as authoritative and match your firmware branch precisely. Where an immediate firmware update is not feasible, reduce exposure by limiting which tenants are granted SR-IOV virtual functions and assigning VFs only to trusted workloads. The trade-off is losing the performance benefit of direct VF passthrough for those guests, which may force them onto para-virtualized or software-emulated NICs. Additionally, isolate untrusted VMs onto hosts that do not share a physical function with trusted tenants, and monitor firmware/device logs for anomalous command-interface activity until patched.
Weakness: CWE-787 – Out-of-bounds Write
Related identifiers
EUVD-2025-210397
GHSA-w84c-442r-cwr7