142 matches found
CVE-2025-23350
NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function VF access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device...
CVE-2025-23351
NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function VF access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device...
CVE-2025-23351
NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function VF access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device...
CVE-2025-23350
NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function VF access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device...
Security Bulletin: NVIDIA Networking BlueField and ConnectX - June 2026
NVIDIA has released a software update for NVIDIA® Networking BlueField and ConnectX. To protect your system, download and install the latest NVIDIA firmware. Refer to the Security Updates section for updated versions and download links for each product. Go to NVIDIA Product Security. Details The...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fixed potential integer overflows. The 64-bit argument for the “get DIMM info” SMC call consists of memctrlidx, which is left-shifted by 16 bits and OR-ed with the DIMM index. Since memctrlidx is defined as a 32-b...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Platform/Mellanox: mlxbf-pmc – added sysfsattrinit to countClock initialization. The lock-related debugging logic CONFIGLOCKSTAT in the kernel issues the following warning when the BlueField-3 SOC is booted: BUG: The key...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mlxbf-bootctl: The sysfsemitat function was used in securebootfusestateshow. A warning is displayed when running the latest kernel on a BlueField SOC: 251.512704 ------------ Cut here ------------ 251.512711 Invalid sysfsemit:...
Ubuntu 20.04 LTS : Linux kernel (BlueField) vulnerabilities (USN-8224-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8224-1 advisory. Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these...
kernel: Linux kernel (net/mlx5): Use-after-free in ECVF vports unload leads to denial of service
A flaw was found in the Linux kernel's net/mlx5 component. A local user could exploit a use-after-free vulnerability during the shutdown process when embedded chip virtual function ECVF vports are unloaded. This occurs because the vport access control list ACL ingress table is not properly...
kernel: Linux kernel (net/mlx5): Use-after-free in ECVF vports unload leads to denial of service
A flaw was found in the Linux kernel's net/mlx5 component. A local user could exploit a use-after-free vulnerability during the shutdown process when embedded chip virtual function ECVF vports are unloaded. This occurs because the vport access control list ACL ingress table is not properly...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38109)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38109 advisory. - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix ECVF vports unload on...
CVE-2025-23299
NVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could allow a malicious actor with high privilege access to execute arbitrary code...
CVE-2023-25519
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges...
CVE-2023-31037
NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS...
SUSE CVE-2025-40352
In the Linux kernel, the following vulnerability has been resolved: platform/mellanox: mlxbf-pmc: add sysfsattrinit to countclock init The lock-related debug logic CONFIGLOCKSTAT in the kernel is noting the following warning when the BlueField-3 SOC is booted: BUG: key ffff00008a3402a8 has not be...
EUVD-2025-203635
In the Linux kernel, the following vulnerability has been resolved: platform/mellanox: mlxbf-pmc: add sysfsattrinit to countclock init The lock-related debug logic CONFIGLOCKSTAT in the kernel is noting the following warning when the BlueField-3 SOC is booted: BUG: key ffff00008a3402a8 has not be...
CVE-2025-40352
In the Linux kernel, the following vulnerability has been resolved: platform/mellanox: mlxbf-pmc: add sysfsattrinit to countclock init The lock-related debug logic CONFIGLOCKSTAT in the kernel is noting the following warning when the BlueField-3 SOC is booted: BUG: key ffff00008a3402a8 has not be...
PT-2025-51568
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The mlxbf pmc driver in the Linux kernel does not call sysfs attr init during the initialization of the "count clock" data structure. This causes a warning related to lock-related debug...
AI Security: NVIDIA BlueField Now with Vision One™
Launching at NVIDIA GTC 2025 - Transforming AI Security with Trend Vision One™ on NVIDIA BlueField...