CVE-2025-23259: 
Linux Debian vulnerability analysis and mitigation

NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver (PMD), discovered and disclosed on September 4, 2025. The vulnerability affects multiple versions of Mellanox DPDK and Upstream DPDK software. This security issue has been assigned CVE-2025-23259 with a CVSS v3.1 base score of 6.5 (Medium severity) (NVIDIA Security).

The vulnerability exists in the Poll Mode Driver (PMD) component of NVIDIA Mellanox DPDK. It has been classified as CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization). The CVSS v3.1 vector is AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H, indicating network attack vector, high attack complexity, no privileges required, no user interaction needed, unchanged scope, low confidentiality impact, no integrity impact, and high availability impact (NVD Database).

If successfully exploited, an attacker operating from a VM in the system could potentially cause information disclosure and denial of service on the network interface. The vulnerability primarily affects the availability of the system with a high impact rating, while also potentially exposing sensitive information with a low confidentiality impact (NVIDIA Security).

NVIDIA has released security updates to address this vulnerability. The fixed versions include: Mellanox DPDK 22.11_2504.1.0, 22.11_2410.4.0 LTS, 22.11_2310.6.0 LTS, 20.11.7.9.0, and Upstream DPDK versions 25.07, 24.11.3 LTS, 23.11.5 LTS, and 22.11.10 LTS. Users are advised to update to these patched versions (NVIDIA Security).