NVIDIA DOCA-Host and Mellanox OFED VGT+ Privilege Escalation and Denial-of-Service Vulnerability

A vulnerability has been identified in NVIDIA DOCA-Host and Mellanox OFED, specifically within the VGT+ feature. This vulnerability allows an attacker on a virtual machine to escalate privileges and cause a denial-of-service on the VLAN. The issue arises when VGT+ is enabled and eSwitch is in Legacy mode, the default setting.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation and a denial-of-service condition on the affected VLAN.

Remediation

Users can update to NVIDIA DOCA-Host versions 2.5.4-0.0.9, 2.9.3-0.2.2, or 3.0.0-058001. For Mellanox OFED, users should update to versions 5.8-7.0.6.1, 23.10-5.1.4.0, or 24.10-3.2.5.0. To check if VGT+ is enabled, look for the 'trunk' file in the '/sys/class/net/eth5/device/sriov/0/' directory. If the file is missing or empty, VGT+ is not enabled.