NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HNvidia Bluefield 2 Ga
HWNvidiawszystkie wersjeNvidia Bluefield 2 Lts
HWNvidiawszystkie wersjeNvidia Bluefield 3 Ga
HWNvidiawszystkie wersjeNvidia Bluefield Bmc
APPNvidia23.0423.0723.092.8.2-46
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCECommand Injection
Related vulnerabilities
CVE-2023-25519HIGH7.8ten sam produkt
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restric...
CVE-2026-24207CRITICAL9.8PL ✓ten sam vendor
Authentication Bypass w NVIDIA Triton Inference Server umożliwiający RCE
CVE-2026-24178CRITICAL9.8PL ✓ten sam vendor
NVIDIA NVFlare – authorization bypass przez klucz kontrolowany przez użytkownika
CVE-2025-33222CRITICAL9.8PL ✓ten sam vendor
NVIDIA Isaac Launchable — podatność hard-coded credentials (RCE, DoS)
CVE-2025-33223CRITICAL9.8PL ✓ten sam vendor
NVIDIA Isaac Launchable — wykonanie kodu z nadmiernymi uprawnieniami