Nvidia ConnectX, BlueField: Attackers can manipulate data
In the latest firmware version, Nvidia has closed security gaps in the ConnectX network adapter and the BlueField computing platform.
Emergency in the data center
(Image: vchal/Shutterstock.com)
To prevent attacks from coming to nothing, administrators should promptly install the latest firmware version for the ConnectX network adapter and the BlueField computing platform from Nvidia. The developers have closed two security gaps.
In a warning message, they write that attackers can trigger crashes and manipulate data by successfully exploiting the vulnerabilities (CVE-2024-0105"high", CVE-2024-0106"high").
Videos by heise
Nothing is currently known about possible attack processes. There are no reports of ongoing attacks to date. The following products are specifically under threat:
- ConnectX4
- ConnectX4LX
- ConnectX GA
- ConnectX LTS22
- ConnectX LTS23
- BlueField 1
- BlueField GA
- BlueField LTS22
- BlueField LTS23
These versions are protected against the attacks described:
- 12.28.2302
- xx.32.1900
- xx.41.1000
- xx.35.4030
- xx.39.3560
- BlueField Bundle DOCA 2.7.0
- BlueField Bundle DOCA 1.5.3
- BlueField Bundle DOCA 2.5.2
If you are running BlueField 1, you must contact your Nvidia Customer Program Manager for a backup.
(des)
