CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
EPSS Percentile: 33.1%
NVIDIA has released a security update for NVIDIA ConnectX® firmware. This update addresses issues that may lead to denial of service.
To protect your system, download and install this firmware update from the NVIDIA Networking Support page.
Go to NVIDIA Product Security.
This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.
CVE ID | Description | Base Score | CWE | Vector |
---|---|---|---|---|
CVE‑2023‑0204 | NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service. | 6.5 | CWE-703 | AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
CVE‑2023‑0203 | NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. | 5.0 | CWE-1220 | AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |
CVE‑2023‑0205 | NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. | 5.0 | CWE-1220 | AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |
The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.
The following table lists the NVIDIA products affected, versions affected, and the updated version that includes this security update.
CVE IDs Addressed | Product | Affected Versions | Updated Version |
---|---|---|---|
CVE‑2023‑0203, CVE‑2023‑0204, CVE‑2023‑0205 | NVIDIA ConnectX Firmware | All versions prior to 35.1012 | 35.1012 |
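To audit an inventory against the updated version 35.1012 listed above, the following added example (not part of the NVIDIA bulletin) classifies captured `ethtool -i` output. It assumes the installed firmware is reported as `<device prefix>.35.1012` (for example `16.35.1012`), that the adapters use the `mlx5_core` driver, and that the inventory has already been limited to the affected models; the host names and sample output are constructed.

```python
import re

FIXED = (35, 1012)  # "Updated Version" from the table above

# Constructed `ethtool -i <iface>` output for four hypothetical hosts.
SAMPLE = {
    "host-a": "driver: mlx5_core\nfirmware-version: 16.34.1002 (MT_0000000011)\nbus-info: 0000:3b:00.0\n",
    "host-b": "driver: mlx5_core\nfirmware-version: 22.35.1012 (MT_0000000359)\nbus-info: 0000:5e:00.0\n",
    "host-c": "driver: igb\nfirmware-version: 1.63, 0x80000a05\nbus-info: 0000:01:00.0\n",
    "host-d": "driver: mlx5_core\nfirmware-version: \nbus-info: 0000:86:00.0\n",
}


def parse_ethtool(text):
    """Turn `ethtool -i` output into a dict of its 'key: value' lines."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # values such as bus-info contain ':'
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def assess(text):
    """Return 'skip', 'unknown', 'update' or 'fixed' for one interface."""
    fields = parse_ethtool(text)
    if fields.get("driver") != "mlx5_core":
        return "skip"  # not handled by the ConnectX driver assumed here
    # Assumption: an optional leading device prefix, then the two fields the
    # bulletin quotes (35.1012). Anything else is reported, not guessed.
    m = re.match(r"(?:\d+\.)?(\d+)\.(\d+)(?:\s|$)", fields.get("firmware-version", ""))
    if not m:
        return "unknown"
    installed = (int(m.group(1)), int(m.group(2)))
    return "update" if installed < FIXED else "fixed"


def audit(inventory):
    """Map each host to its status so 'update' and 'unknown' can be triaged."""
    return {host: assess(text) for host, text in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check rather than being treated as patched.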
NVIDIA thanks Xinhao Kong, Jingrong Chen, Wei Bai, Yechen Xu, Mahmoud Elhaddad, Shachar Raindel, Jitendra Padhye, Alvin R. Lebeck, and Danyang Zhuo for reporting these issues.