CVE-2025-33215 - Vulnerability Details

- VIRTIO-BLK Out-of-Range Pointer Offsets Cause Storage Denial of Service in NVIDIA SNAP-4 Container

Description

NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointer offset by sending crafted messages. A successful exploit of this vulnerability may lead to a denial of service of the DPA and impact the availability of storage to other VMs.

Published: 2026-03-24

Score: 6.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The VIRTIO-BLK component in NVIDIA SNAP-4 Container allows a malicious guest virtual machine to send specially crafted messages that cause an out-of-range pointer offset. This out-of-bounds memory access can break the Direct Physical Access mechanism, leading to a denial of service that affects storage availability for other virtual machines. The flaw is an example of an out-of-bounds memory error (CWE-823) that can result in loss of availability for the hosting system’s storage services.

Affected Systems

The vulnerability affects NVIDIA SNAP-4 Container environments. No specific version range is listed, so all current releases of the container are potentially vulnerable unless NVIDIA publishes a fixed release. No other vendor or product mentions appear in the advisory.

Risk and Exploitability

The CVSS score of 6.8 indicates moderate severity. EPSS data is unavailable and the issue does not appear in the CISA KEV catalog, suggesting it is not widely exploited at present. The likely attack vector is local to the host, requiring a malicious guest VM with privileged access to the VIRTIO‑BLK device. Once triggered, the denial of service can disrupt storage for all VMs sharing the same host, but remote exploitation appears unlikely based on the description. The threat concentrates in environments where guest VMs can freely interact with the vulnerable component.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

NVIDIA

SNAP-4 Container

unaffected

Version	Status	Constraints
`All versions prior to SNAP-4.9.1 and SNAP-4.5.5`	affected	—

No data.

Vendor Product Confidence Versions

Nvidia

Snap-4 Container

100%

Version	Status	Scheme	Platform
`[0,4.5.5)`	affected	semver	['bluefield-3']

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest NVIDIA SNAP-4 Container patch or update to a fixed release.
Verify that the container version has been updated to a fixed release.
Isolate or restrict guest virtual machines from interacting with the vulnerable VIRTIO-BLK component until a patch is applied.
Monitor the DPA and storage services for crashes or performance degradation that could indicate exploitation.
Follow NVIDIA’s official advisories and support channels for further guidance.

Generated by OpenCVE AI on March 24, 2026 at 22:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00007.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2025-33215
https://nvidia.custhelp.com/app/answers/detail/a_id/5744
https://www.cve.org/CVERecord?id=CVE-2025-33215

History

Wed, 25 Mar 2026 22:00:00 +0000

Type	Values Removed	Values Added
Title		VIRTIO-BLK Out-of-Range Pointer Offsets Cause Storage Denial of Service in NVIDIA SNAP-4 Container

Wed, 25 Mar 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nvidia Nvidia snap-4 Container
Vendors & Products		Nvidia Nvidia snap-4 Container

Tue, 24 Mar 2026 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 24 Mar 2026 20:30:00 +0000

Type	Values Removed	Values Added
Description		NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointer offset by sending crafted messages. A successful exploit of this vulnerability may lead to a denial of service of the DPA and impact the availability of storage to other VMs.
Weaknesses		CWE-823
References		https://nvd.nist.gov/vuln/detail/CVE-2025-33215 https://nvidia.custhelp.com/app/answers/detail/a_id/5744 https://www.cve.org/CVERecord?id=CVE-2025-33215
Metrics		cvssV3_1 `{'score': 6.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H'}`

Subscriptions

Nvidia Snap-4 Container

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2026-03-24T20:21:18.740Z

Updated: 2026-03-24T20:55:26.873Z

Reserved: 2025-04-15T18:51:06.123Z

Link: CVE-2025-33215

Vulnrichment

Updated: 2026-03-24T20:53:34.869Z

NVD

Status : Awaiting Analysis

Published: 2026-03-24T21:16:23.677

Modified: 2026-03-25T15:41:58.280

Link: CVE-2025-33215

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T20:57:33Z

Weaknesses

CWE-823

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object