
NVIDIA ConnectX CVE-2025-23351

EUVD: EUVD-2025-210397 · CRITICAL
Out-of-bounds Write (CWE-787)
2026-07-01 nvidia GHSA-w84c-442r-cwr7
9.0
CVSS 3.1 · Vendor: nvidia

Severity by source

Vendor (nvidia) PRIMARY
9.0 CRITICAL
AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

The description specifies a local user with VF access, so AV:L and PR:L; the crafted input is simple (AC:L); device code execution breaks VF isolation (S:C) with full C/I/A impact.

CVSS 3.1: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS 4.0: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (nvidia).

CVSS Vector (Vendor: nvidia)

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1. Analysis Generated: Jul 01, 2026 - 15:59 (vuln.today)

Description (CVE.org)

NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.

Analysis (AI)

Out-of-bounds write in the command interface of NVIDIA ConnectX SmartNICs and BlueField DPUs allows a local user holding virtual function (VF) access - typically a tenant inside a guest VM - to corrupt device memory via crafted input and potentially achieve arbitrary code execution on the network device itself. Because the CVSS scope is Changed (S:C), a successful exploit crosses the VF isolation boundary and threatens the host and other tenants, making this a serious multi-tenant/cloud isolation-breakout risk. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Technical Context (AI)

ConnectX (including ConnectX-4 and ConnectX-4 Lx) and BlueField are Mellanox-derived high-speed Ethernet/InfiniBand adapters and data processing units (DPUs) widely used for SR-IOV virtualization, where a single physical adapter is partitioned into many virtual functions (VFs) that are directly assigned to guest VMs or containers. The flaw is a CWE-787 (Out-of-bounds Write) in the firmware/hardware command interface that a VF uses to communicate with the device; the interface fails to validate crafted input lengths or offsets, permitting a write past the intended buffer. This is a classic memory-corruption/buffer-overflow primitive, but at the firmware/device level rather than in host OS software, so a successful write can subvert the device's own execution context and, given the changed scope, the trust boundary between the guest VF and the physical function/host.

Remediation (AI)

A patch is available per the vendor advisory: apply the fixed firmware/driver builds published by NVIDIA in advisory 5699 (https://github.com/NVIDIA/product-security/tree/main/2026/5699) for your specific ConnectX/BlueField release train (GA or LTS22/LTS23/LTS24). Exact fixed version numbers are not included in the data available here, so treat the advisory as authoritative and match your firmware branch precisely. Where an immediate firmware update is not feasible, reduce exposure by limiting which tenants are granted SR-IOV virtual functions and restricting VF assignment to trusted workloads only; the trade-off is the loss of the performance benefit of direct VF passthrough for those guests, which may force the use of para-virtualized or software-emulated NICs. Additionally, isolate untrusted VMs onto hosts without shared physical functions and monitor firmware/device logs for anomalous command-interface activity until patched.


CVE-2025-23351 vulnerability details – vuln.today
