PT-2023-16084 · Nvidia · Nvidia Connectx6-Dx+2
Alvin R. Lebeck
+8
·
Published
2023-04-22
·
Updated
2023-05-02
·
CVE-2023-0205
CVSS v3.1
7.7
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
NVIDIA ConnectX-5 (affected versions not specified)
NVIDIA ConnectX-6 (affected versions not specified)
NVIDIA ConnectX6-DX (affected versions not specified)
Description
The issue is related to insufficient granularity of access control in the NIC firmware, which can be exploited by an unprivileged user to potentially cause a denial of service.
Recommendations
For NVIDIA ConnectX-5, update to a version that addresses the insufficient access control granularity issue.
For NVIDIA ConnectX-6, update to a version that addresses the insufficient access control granularity issue.
For NVIDIA ConnectX6-DX, update to a version that addresses the insufficient access control granularity issue.
As a temporary workaround, consider restricting access to the NIC firmware to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nvidia Connectx-5
Nvidia Connectx-6
Nvidia Connectx6-Dx