PT-2026-54608 · Nvidia · Connect+1

Published

2026-07-01

·

Updated

2026-07-01

·

CVE-2025-23350

CVSS v3.1

9.0

Critical

VectorAV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions NVIDIA ConnectX (affected versions not specified) NVIDIA BlueField (affected versions not specified)
Description A flaw exists in the command interface of the device reachable from a Virtual Function (VF) context. A local user with VF privileges, such as a tenant VM or container assigned a VF via Single Root I/O Virtualization (SR-IOV), can trigger an out-of-bounds write by providing crafted command input. This occurs due to improper bounds checking, which may allow the attacker to corrupt device memory and achieve arbitrary code execution on the NIC/DPU. This could lead to device compromise, cross-tenant impact, and disruption of network or storage offload operations.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2025-23350

Affected Products

Bluefield
Connect