NVIDIA:5459
Apr 18, 2023 - 12:00 a.m.

Security Bulletin: NVIDIA ConnectX - April 2023

nvidia.custhelp.com

CVSS3: 7.7 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS: 0.001 Low (Percentile: 33.1%)

NVIDIA has released a security update for NVIDIA ConnectX® firmware. This update addresses issues that may lead to denial of service.

To protect your system, download and install this firmware update from the NVIDIA Networking Support page.

Go to NVIDIA Product Security.

Details

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.

| CVE ID | Description | Base Score | CWE | Vector |
|---|---|---|---|---|
| CVE‑2023‑0204 | NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service. | 6.5 | CWE-703 | AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
| CVE‑2023‑0203 | NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. | 5.0 | CWE-1220 | AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |
| CVE‑2023‑0205 | NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. | 5.0 | CWE-1220 | AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.

Security Updates

The following table lists the NVIDIA products affected, versions affected, and the updated version that includes this security update.

| CVE IDs Addressed | Product | Affected Versions | Updated Version |
|---|---|---|---|
| CVE‑2023‑0203, CVE‑2023‑0204, CVE‑2023‑0205 | NVIDIA ConnectX Firmware | All versions prior to 35.1012 | 35.1012 |

Notes

  • Earlier firmware releases that support this product are also affected. If you are using an earlier release, upgrade to the latest release version.
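
A fleet check against the updated version in the table above, as an added example that is not part of NVIDIA's bulletin. It assumes firmware strings are reported as family.major.minor and compares only the last two fields with 35.1012; the inventory format, host names and board ids are constructed.

```python
import re

# Updated version from the bulletin's Security Updates table.
FIXED = (35, 1012)

# Assumption: firmware strings look like <family>.<major>.<minor>, optionally
# followed by a board id in parentheses. The family prefix is not compared.
FW_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\s+\(\S+\))?$")

# Constructed inventory (hypothetical hosts and board ids): host, interface,
# then the firmware string reported for that port.
SAMPLE = """\
host-a ens1f0 16.35.1012 (MT_0000000011)
host-b ens2f0 20.34.1002 (MT_0000000222)
host-c ens3f0 22.35.2000 (MT_0000000359)
host-d ens4f0 20.9.1000
host-e ens5f0 n/a
"""

def classify(line):
    """Return (host, iface, status) for one inventory line."""
    host, iface, fw = (line.split(None, 2) + ["", "", ""])[:3]
    m = FW_RE.match(fw.strip())
    if not m:
        # An unreadable version is reported as unknown, never as patched.
        return host, iface, "unknown"
    # Compare as integers: as strings, "9" would sort after "35".
    release = (int(m.group(2)), int(m.group(3)))
    return host, iface, "patched" if release >= FIXED else "vulnerable"

def audit(text):
    """Classify every non-empty inventory line."""
    return [classify(line) for line in text.splitlines() if line.strip()]

def needs_attention(text):
    """Ports that still need the update or a manual version check."""
    return [(h, i) for h, i, s in audit(text) if s != "patched"]

if __name__ == "__main__":
    for host, iface, status in audit(SAMPLE):
        print(f"{host:8} {iface:8} {status}")
```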

Acknowledgements

NVIDIA thanks Xinhao Kong, Jingrong Chen, Wei Bai, Yechen Xu, Mahmoud Elhaddad, Shachar Raindel, Jitendra Padhye, Alvin R. Lebeck, and Danyang Zhuo for reporting these issues.

CPE

| Name | Operator | Version |
|---|---|---|
| nvidia connectx firmware | lt | 35.1012 |
