CVE-2025-33215 | THREATINT

Description

NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointer offset by sending crafted messages. A successful exploit of this vulnerability may lead to a denial of service of the DPA and impact the availability of storage to other VMs.

PUBLISHED Reserved 2025-04-15 | Published 2026-03-24 | Updated 2026-03-24 | Assigner nvidia

MEDIUM: 6.8CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Problem types

CWE-823 Use of Out-of-range Pointer Offset

Product status

Default status

unaffected

All versions prior to SNAP-4.9.1 and SNAP-4.5.5

affected

References

nvd.nist.gov/vuln/detail/CVE-2025-33215

www.cve.org/CVERecord?id=CVE-2025-33215

nvidia.custhelp.com/app/answers/detail/a_id/5744

cve.org (CVE-2025-33215)

nvd.nist.gov (CVE-2025-33215)

Download JSON