{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-33215", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2025-04-15T18:51:06.123Z", "datePublished": "2026-03-24T20:21:18.740Z", "dateUpdated": "2026-03-24T20:55:26.873Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-03-24T20:21:18.740Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-823", "description": "CWE-823 Use of Out-of-range Pointer Offset", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of service"}]}], "affected": [{"vendor": "NVIDIA", "product": "SNAP-4 Container", "platforms": ["BlueField-3"], "versions": [{"status": "affected", "version": "All versions prior to SNAP-4.9.1 and SNAP-4.5.5"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointer offset by sending crafted messages. A successful exploit of this vulnerability may lead to a denial of service of the DPA and impact the availability of storage to other VMs.", "supportingMedia": [{"type": "text/html", "base64": true, "value": "NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointer offset by sending crafted messages. A successful exploit of this vulnerability may lead to a denial of service of the DPA and impact the availability of storage to other VMs."}]}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33215"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-33215"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5744"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "NVIDIA PSIRT"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-33215", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T20:51:16.448200Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T20:55:26.873Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-33215", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T20:51:16.448200Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T20:53:34.869Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of service"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "SNAP-4 Container", "versions": [{"status": "affected", "version": "All versions prior to SNAP-4.9.1 and SNAP-4.5.5"}], "platforms": ["BlueField-3"], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33215"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-33215"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5744"}], "x_generator": {"engine": "NVIDIA PSIRT"}, "descriptions": [{"lang": "en", "value": "NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointer offset by sending crafted messages. A successful exploit of this vulnerability may lead to a denial of service of the DPA and impact the availability of storage to other VMs.", "supportingMedia": [{"type": "text/html", "value": "NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointer offset by sending crafted messages. A successful exploit of this vulnerability may lead to a denial of service of the DPA and impact the availability of storage to other VMs.", "base64": true}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-823", "description": "CWE-823 Use of Out-of-range Pointer Offset"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-03-24T20:21:18.740Z"}}}, "cveMetadata": {"cveId": "CVE-2025-33215", "state": "PUBLISHED", "dateUpdated": "2026-03-24T20:55:26.873Z", "dateReserved": "2025-04-15T18:51:06.123Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2026-03-24T20:21:18.740Z", "assignerShortName": "nvidia"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointer offset by sending crafted messages. A successful exploit of this vulnerability may lead to a denial of service of the DPA and impact the availability of storage to other VMs."}], "id": "CVE-2025-33215", "lastModified": "2026-03-25T15:41:58.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2026-03-24T21:16:23.677", "references": [{"source": "psirt@nvidia.com", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33215"}, {"source": "psirt@nvidia.com", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5744"}, {"source": "psirt@nvidia.com", "url": "https://www.cve.org/CVERecord?id=CVE-2025-33215"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-823"}], "source": "psirt@nvidia.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["bluefield-3"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.5.5)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "SNAP-4 Container", "source": "cna", "vendor": "NVIDIA"}, "product": "snap-4_container", "vendor": "nvidia"}], "analysis": {"en": {"generated_at": "2026-03-24T22:21:29.940680+00:00", "value": {"mitigation_remediation": ["Apply the latest NVIDIA SNAP-4 Container patch or update to a fixed release.", "Verify that the container version has been updated to a fixed release.", "Isolate or restrict guest virtual machines from interacting with the vulnerable VIRTIO-BLK component until a patch is applied.", "Monitor the DPA and storage services for crashes or performance degradation that could indicate exploitation.", "Follow NVIDIA\u2019s official advisories and support channels for further guidance."], "summary": {"action": "Patch", "impact": "Denial of Service to storage availability"}, "threat_synthesis": {"affected_systems": "The vulnerability affects NVIDIA SNAP-4 Container environments. No specific version range is listed, so all current releases of the container are potentially vulnerable unless NVIDIA publishes a fixed release. No other vendor or product mentions appear in the advisory.", "description_and_impact": "The VIRTIO-BLK component in NVIDIA SNAP-4 Container allows a malicious guest virtual machine to send specially crafted messages that cause an out-of-range pointer offset. This out-of-bounds memory access can break the Direct Physical Access mechanism, leading to a denial of service that affects storage availability for other virtual machines. The flaw is an example of an out-of-bounds memory error (CWE-823) that can result in loss of availability for the hosting system\u2019s storage services.", "risk_and_exploitability": "The CVSS score of 6.8 indicates moderate severity. EPSS data is unavailable and the issue does not appear in the CISA KEV catalog, suggesting it is not widely exploited at present. The likely attack vector is local to the host, requiring a malicious guest VM with privileged access to the VIRTIO\u2011BLK device. Once triggered, the denial of service can disrupt storage for all VMs sharing the same host, but remote exploitation appears unlikely based on the description. The threat concentrates in environments where guest VMs can freely interact with the vulnerable component."}}}}, "created": "2026-03-25T11:46:07.992696+00:00", "title": "VIRTIO-BLK Out-of-Range Pointer Offsets Cause Storage Denial of Service in NVIDIA SNAP-4 Container", "updated": "2026-03-25T20:57:33.933428+00:00", "vendors": ["nvidia", "nvidia$PRODUCT$snap-4_container"]}