NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.
Project Subscriptions
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 01 Jul 2026 18:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Write‑Outside‑Bounds Vulnerability in NVIDIA ConnectX and BlueField Command Interface Leading to Arbitrary Code Execution |
Wed, 01 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device. | |
| Weaknesses | CWE-787 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: nvidia
Published:
Updated: 2026-07-01T16:03:30.696Z
Reserved: 2025-01-14T01:07:21.737Z
Link: CVE-2025-23350
Updated: 2026-07-01T16:03:27.311Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-01T18:30:15Z
Weaknesses