NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.
Metrics
Affected Vendors & Products
References
History
Wed, 01 Jul 2026 18:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Write‑Outside‑Bounds Vulnerability in NVIDIA ConnectX and BlueField Command Interface Leading to Arbitrary Code Execution |
Wed, 01 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device. | |
| Weaknesses | CWE-787 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: nvidia
Published:
Updated: 2026-07-01T16:03:30.696Z
Reserved: 2025-01-14T01:07:21.737Z
Link: CVE-2025-23350
Updated: 2026-07-01T16:03:27.311Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-01T18:30:15Z