CVE-2025-23351 PUBLISHED

Assigner: nvidia
Reserved: 14.01.2025
Published: 01.07.2026
Updated: 01.07.2026

NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause an out-of-bounds write by supplying crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.

Metrics

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 9

Product Status

Vendor: NVIDIA
Product: BlueField GA
Versions (default: unaffected):
  • All versions prior to 46.3008 are affected

Vendor: NVIDIA
Product: BlueField LTS22
Versions (default: unaffected):
  • All versions prior to 35.8002 are affected

Vendor: NVIDIA
Product: BlueField LTS23
Versions (default: unaffected):
  • All versions prior to 39.8002 are affected

Vendor: NVIDIA
Product: BlueField LTS24
Versions (default: unaffected):
  • All versions prior to 43.8002 are affected

Vendor: NVIDIA
Product: ConnectX GA
Versions (default: unaffected):
  • All versions prior to 46.3008 are affected

Vendor: NVIDIA
Product: ConnectX LTS22
Versions (default: unaffected):
  • All versions prior to 35.8002 are affected

Vendor: NVIDIA
Product: ConnectX LTS23
Versions (default: unaffected):
  • All versions prior to 39.8002 are affected

Vendor: NVIDIA
Product: ConnectX LTS24
Versions (default: unaffected):
  • All versions prior to 43.8002 are affected

Vendor: NVIDIA
Product: ConnectX-4
Versions (default: unaffected):
  • All versions prior to 28.4702 are affected

Vendor: NVIDIA
Product: ConnectX-4 LX
Versions (default: unaffected):
  • All versions prior to 32.1908 are affected

Problem Types

  • CWE-787 Out-of-bounds Write

Impacts

  • Code execution