Description
NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify unsupported registries, causing a bad state. A successful exploit of this vulnerability might lead to denial of service and data tampering.
Published: 2026-03-24
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service and Data Integrity Compromise
Action: Immediate Patch
AI Analysis

Impact

NVIDIA’s B300 MCU houses a CX8 microcontroller unit that can be exploited by a malicious actor to alter unsupported registry entries, producing a bad state. This manipulation can lead to both interruption of service and alteration of critical data stored within the MCU. The vulnerability is rooted in a flaw that allows unauthorized registry modification, a weakness that directly threatens system availability and integrity.

Affected Systems

The flaw affects NVIDIA HGX and DGX B300 platforms, specifically the CX8 MCU component. No specific firmware or hardware revisions are listed in the CVE data, so all B300 systems using the affected MCU are potentially vulnerable until a vendor patch is applied.

Risk and Exploitability

The reported CVSS score of 5.9 indicates a moderate severity, and the EPSS score is not available, so the exact likelihood of exploitation cannot be quantified from the CVE report. The vulnerability is not included in the CISA KEV catalog, suggesting no publicly known exploits yet. Based on the description, the attack likely requires privileged access to the MCU—either through firmware update interfaces or a physically proximate attack vector. While remote exploitation is not explicitly stated, the ability to modify unsupported registries hints at a low‑to‑medium complexity attack that could be performed by an adversary with sufficient access to the device’s firmware management pathway.

Generated by OpenCVE AI on March 24, 2026 at 21:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and apply the latest firmware update for the NVIDIA B300 CX8 MCU from NVIDIA’s support portal.
  • Refrain from manually modifying unsupported registry entries on the CX8 MCU, following NVIDIA’s official guidelines.
  • Monitor system logs for unexpected registry changes and prepare to restore the MCU to a factory state if tampering is detected.

Generated by OpenCVE AI on March 24, 2026 at 21:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title MCU Registry Modification Leading to Denial of Service and Data Tampering in NVIDIA B300

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia dgx B300
Nvidia hgx B300
Vendors & Products Nvidia
Nvidia dgx B300
Nvidia hgx B300

Tue, 24 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Description NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify unsupported registries, causing a bad state. A successful exploit of this vulnerability might lead to denial of service and data tampering.
Weaknesses CWE-1234
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H'}

Subscriptions

Nvidia Dgx B300 Hgx B300
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-03-24T20:55:26.563Z

Reserved: 2025-04-15T18:51:08.192Z

Link: CVE-2025-33242

cve-icon Vulnrichment

Updated: 2026-03-24T20:53:30.749Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-24T21:16:24.253

Modified: 2026-03-25T15:41:58.280

Link: CVE-2025-33242

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T20:57:32Z

Weaknesses