Positive Labs specialist Alexey Kovrizhnykh helped eliminate two vulnerabilities in the firmware of high-speed network adapters from the American company Broadcom, which are used in servers and data center equipment.
The vulnerability PT-2025-17 (BDU:2025-01796) was assigned a CVSS score of 4.6, while PT-2025-19 (BDU:2025-01825) received a score of 8.2 and had two exploitation vectors.
Both bugs were present in version 231.1.162.1 of the firmware for NetXtreme-E family network adapters. It is noted that, if exploited, cloud providers, data centers, and enterprise customers using the vulnerable equipment could have experienced service disruptions, as well as become victims of theft of employee, customer, and partner data, which could have led to financial and reputational losses.
To exploit these bugs, an attacker would need a virtual machine running code on a server with the vulnerable network adapter. They could gain access to it by compromising the system or by legally renting the required compute resources.
“Cloud providers allocate resources to different clients as virtual machines that run on the hardware of a shared server. By executing arbitrary code and exploiting the PT-2025-19 flaw, an attacker could potentially carry out a VM escape attack and gain full access to any virtual machine hosted on a server with a vulnerable network adapter. As a result, they could steal information processed on those virtual machines, including account and personal data of employees, partners, and customers of organizations,” comments Alexey Usanov, Head of Hardware Security Research at Positive Technologies (Positive Labs).
Exploitation of PT-2025-19 could also lead to a denial-of-service (DoS) of the network adapter, resulting in all virtual machines on the targeted server becoming unavailable on the network.
Broadcom representatives were notified of the issues and have already released a firmware update. Users are advised to update to the latest version as soon as possible and follow the manufacturer’s recommendations. In addition, for extra protection, the researchers recommend enabling all available security options in the network adapter’s configuration.