CVE‑2023‑25519: About NVIDIA BlueField data processing unit (DPU) – 13th Sep 2023

Preface: Ubuntu Server 22.04 ships with NVIDIA BlueField DPUs as commercial-grade Linux distribution with continuous OS and security updates. DOCA software is available on every leading operating system as a standalone package without a bundled OS for Arm® and x86 architectures.

Background: The NVIDIA cloud-native supercomputing platform leverages the NVIDIA BlueField DPU architecture with high-speed, low-latency. The DPU enables native cloud services that let multiple users securely share resources without loss in application performance. HPC and AI communication frameworks and libraries play a critical role in determining application performance. Due to their latency and bandwidth-sensitive nature, offloading the libraries from the host CPU or GPU to the BlueField DPU creates the highest degree of overlap for parallel progression of communication and computation.

Vulnerability details: NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges. 

CWE-286         Incorrect User Management

Official announcement: For details, please refer to the link –

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.