NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.
Metrics
Affected Vendors & Products
References
History
Wed, 01 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device. | |
| Weaknesses | CWE-787 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: nvidia
Published:
Updated: 2026-07-01T16:03:10.537Z
Reserved: 2025-01-14T01:07:21.737Z
Link: CVE-2025-23351
Updated: 2026-07-01T16:03:06.715Z
No data.
No data.
OpenCVE Enrichment
No data.