Security Bulletin: NVIDIA ConnectX and BlueField – June 2026 (CVE-2025-23351 and CVE-2025-23350) 7th Jul 2026

Preface: While tech giants like Google rely on custom TPUs to cut costs and scale internal models like Gemini, NVIDIA remains globally dominant. This is because AWS and other cloud providers do offer NVIDIA H100s Amazon EC2 P5 Instances, and NVIDIA possesses an unmatched software ecosystem and universal hardware compatibility.

The NVIDIA ConnectX and BlueField command interface allows host software and firmware to communicate directly using the hardware’s internal mlx5 messaging layout. When Single Root I/O Virtualization (SR-IOV) is enabled, a local user or Virtual Machine (VM) interacting with a Virtual Function (VF) gains direct hardware access through this command interface to accelerate network capabilities.

Background: NVIDIA Secuirty Bulletin stated that a design weakness where local users with VF access could cause out-of-bounds write. However, there is ICM Page Limiting feature that the command interface enforces rules that prevent unprivileged guest users from overloading the server. Administrators can use the page_limit feature to cap the firmware interface memory (Internal Context Memory / ICM) that a rogue VF can pin down, avoiding host resource exhaustion? Do you think this function operate well in secure by design?

Answer: No, the ICM Page Limiting function does not operate well on its own under a strict “Secure by Design” philosophy when a severe memory corruption flaw like CVE-2025-23351 or CVE-2025-23350 is present.

While ICM Page Limiting is an excellent operational control for managing fair resource allocation, it falls short as a primary security defense because of how the two features interact at the architecture level. For details, please refer to attached infographic.

Vulnerability details:

CVE-2025-23351 and CVE-2025-23351 – NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.

Official announcement: Please refer to the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5699

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.