Security Bulletin: NVIDIA ConnectX and BlueField – October 2024 (CVE-2024-0105 and CVE-2024-0106) – 31st Oct 2024

Preface: Nvidia BlueField is a line of data processing units (DPUs) designed and produced by Nvidia, initially developed by Mellanox Technologies. DOCA is a consistent and essential resource across all existing and future generations of BlueField DPU and SuperNIC products.

Background: The NVIDIA cloud-native supercomputing platform leverages the NVIDIA BlueField DPU architecture with high-speed, low-latency. The DPU enables native cloud services that let multiple users securely share resources without loss in application performance. HPC and AI communication frameworks and libraries play a critical role in determining application performance. Due to their latency and bandwidth-sensitive nature, offloading the libraries from the host CPU or GPU to the BlueField DPU creates the highest degree of overlap for parallel progression of communication and computation.

Vulnerability details:

CVE-2024-0105 – NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.

CVE-2024-0106 – NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.

Official announcement: Please refer to the link for details –

https://nvidia.custhelp.com/app/answers/detail/a_id/5562
