Description
NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.
Published: 2026-07-01
Score: 9 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out‑of‑bounds write in the command interface of NVIDIA ConnectX and BlueField devices that can be triggered by a local user with virtual function (VF) access. By supplying carefully crafted input, the attacker can cause the target to overwrite memory beyond its intended bounds, enabling arbitrary code execution on the device. This flaw falls under the buffer overflow family (CWE‑787) and permits the attacker to gain full control of the affected subsystem.

Affected Systems

Affected products include NVIDIA BlueField GA, LTS22, LTS23, LTS24 and NVIDIA ConnectX GA, LTS22, LTS23, LTS24, ConnectX‑4, and ConnectX‑4 LX. The flaw requires local user privileges that can manage a virtual function – a capability typically assigned to trusted administrators or management software.

Risk and Exploitability

Based on the description, the likely attack vector is inferred to be local: an attacker who can configure or send commands to a VF on the device can exploit the out‑of‑bounds write, potentially leading to full device compromise. The CVSS score of 9.0 marks the issue as critical, though the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. While no public exploit has been disclosed, the severity and the local nature of the required foothold make this a high‑risk threat for environments that enable VF usage.

Generated by OpenCVE AI on July 1, 2026 at 19:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest NVIDIA firmware or driver update that addresses the out‑of‑bounds write in the VF command interface.
  • If an update is not yet available, revoke or tightly restrict VF access for untrusted local users to reduce the attack surface.
  • Ensure only privileged, authenticated management tools can create or configure virtual functions, and audit such configuration for unauthorized changes.
  • Monitor device logs for anomalous command activity that may indicate exploitation attempts.

Generated by OpenCVE AI on July 1, 2026 at 19:42 UTC.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 20:00:00 +0000

Type: Title
Values Added: VF Command Interface Out‑of‑Bounds Write Enables Local Arbitrary Code Execution

Wed, 01 Jul 2026 16:30:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 01 Jul 2026 15:30:00 +0000

Type: Description
Values Added: NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.

Type: Weaknesses
Values Added: CWE-787

Type: References
Values Added:

Type: Metrics
Values Added: cvssV3_1 {'score': 9, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-07-01T16:03:10.537Z

Reserved: 2025-01-14T01:07:21.737Z

Link: CVE-2025-23351

Vulnrichment

Updated: 2026-07-01T16:03:06.715Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T19:45:04Z

Weaknesses