CVE-2021-1125 - Vulnerability Details

Description

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data.

Published: 2021-11-20

Score: 4.1 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

NVIDIA

NVIDIA GPU and Tegra hardware

affected

Version	Status	Constraints
`Maxwell, Pascal, Volta, Tegra X1, Tegra X1+, Tegra TX2, Xavier`	affected	—

Configuration 1 [-]

AND

OR	cpe:2.3:h:nvidia:dgx-1_p100:-:::::::*
	cpe:2.3:h:nvidia:dgx-1_v100:-:::::::*
	cpe:2.3:h:nvidia:dgx-2:-:::::::*
	cpe:2.3:h:nvidia:dgx_station_a100:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_605:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_610:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_620:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_625:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_630:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_635:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_640:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_705:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_710:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_720:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_730:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_740:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_1050:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_1050_ti:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_1060:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_1070:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_1070_ti:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_1080:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_1080_ti:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_645:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_650:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_650_ti:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_650_ti_boost:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_660:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_660_ti:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_670:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_680:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_690:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_745:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_750:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_750_ti:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_760:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_760_ti:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_770:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_780:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_780_ti:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_950:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_960:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_970:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_980:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_titan_x:-:::::::*
	cpe:2.3:h:nvidia:gtx_titan:-:::::::*
	cpe:2.3:h:nvidia:gtx_titan_black:-:::::::*
	cpe:2.3:h:nvidia:gtx_titan_z:-:::::::*
	cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_nano:-:::::::*
	cpe:2.3:h:nvidia:jetson_nano:-::-:::::
	cpe:2.3:h:nvidia:jetson_nano:-::developer_kit:::::
	cpe:2.3:h:nvidia:jetson_tx1:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx2:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx2_4gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx2_nx:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx2i:-:::::::*
	cpe:2.3:h:nvidia:jetson_xavier_nx:-:::::::*
	cpe:2.3:h:nvidia:jetson_xavier_nx:-::developer_kit:::::
	cpe:2.3:h:nvidia:jetson_xavier_nx:-::production:::::
	cpe:2.3:h:nvidia:nvidia_hgx-2:-:::::::*
	cpe:2.3:h:nvidia:quadro_gv100:-:::::::*
cpe:2.3:h:nvidia:quadro_m1000m:-:::::::*
cpe:2.3:h:nvidia:quadro_m1200:-:::::::*
cpe:2.3:h:nvidia:quadro_m2000:-:::::::*
cpe:2.3:h:nvidia:quadro_m2000m:-:::::::*
cpe:2.3:h:nvidia:quadro_m2200:-:::::::*
cpe:2.3:h:nvidia:quadro_m3000m:-:::::::*
cpe:2.3:h:nvidia:quadro_m4000:-:::::::*
cpe:2.3:h:nvidia:quadro_m4000m:-:::::::*
cpe:2.3:h:nvidia:quadro_m5000:-:::::::*
cpe:2.3:h:nvidia:quadro_m5000m:-:::::::*
cpe:2.3:h:nvidia:quadro_m500m:-:::::::*
cpe:2.3:h:nvidia:quadro_m520:-:::::::*
cpe:2.3:h:nvidia:quadro_m5500:-:::::::*
cpe:2.3:h:nvidia:quadro_m6000:-:::::::*
cpe:2.3:h:nvidia:quadro_m600m:-:::::::*
cpe:2.3:h:nvidia:quadro_m620:-:::::::*
cpe:2.3:h:nvidia:quadro_p1000:-:::::::*
cpe:2.3:h:nvidia:quadro_p2000:-:::::::*
cpe:2.3:h:nvidia:quadro_p2200:-:::::::*
cpe:2.3:h:nvidia:quadro_p3000:-:::::::*
cpe:2.3:h:nvidia:quadro_p3200:-:::::::*
cpe:2.3:h:nvidia:quadro_p400:-:::::::*
cpe:2.3:h:nvidia:quadro_p4000:-:::::::*
cpe:2.3:h:nvidia:quadro_p4200:-:::::::*
cpe:2.3:h:nvidia:quadro_p500:-:::::::*
cpe:2.3:h:nvidia:quadro_p5000:-:::::::*
cpe:2.3:h:nvidia:quadro_p520:-:::::::*
cpe:2.3:h:nvidia:quadro_p5200:-:::::::*
cpe:2.3:h:nvidia:quadro_p600:-:::::::*
cpe:2.3:h:nvidia:quadro_p6000:-:::::::*
cpe:2.3:h:nvidia:quadro_p620:-:::::::*
cpe:2.3:h:nvidia:shield_tv:-:::::::*
cpe:2.3:h:nvidia:shield_tv_pro:-:::::::*
cpe:2.3:h:nvidia:tesla_m10:-:::::::*
cpe:2.3:h:nvidia:tesla_m4:-:::::::*
cpe:2.3:h:nvidia:tesla_m40:-:::::::*
cpe:2.3:h:nvidia:tesla_m6:-:::::::*
cpe:2.3:h:nvidia:tesla_m60:-:::::::*
cpe:2.3:h:nvidia:tesla_p100:-:::::::*
cpe:2.3:h:nvidia:tesla_p4:-:::::::*
cpe:2.3:h:nvidia:tesla_p40:-:::::::*
cpe:2.3:h:nvidia:tesla_p6:-:::::::*
cpe:2.3:h:nvidia:tesla_v100:-:::::::*
cpe:2.3:h:nvidia:tesla_v100s:-:::::::*
cpe:2.3:h:nvidia:titan_v:-:::::::*
cpe:2.3:h:nvidia:titan_x:-:::::::*
cpe:2.3:h:nvidia:titan_xp:-:::::::*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2021-6592	NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00049.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://nvidia.custhelp.com/app/answers/detail/a_id/5263

History

No history.

Subscriptions

Linux Linux Kernel

Microsoft Windows

Nvidia Dgx-1 P100 Dgx-1 V100 Dgx-2 Dgx Station A100 Geforce Gt 605 Geforce Gt 610 Geforce Gt 620 Geforce Gt 625 Geforce Gt 630 Geforce Gt 635 Geforce Gt 640 Geforce Gt 705 Geforce Gt 710 Geforce Gt 720 Geforce Gt 730 Geforce Gt 740 Geforce Gtx 1050 Geforce Gtx 1050 Ti Geforce Gtx 1060 Geforce Gtx 1070 Geforce Gtx 1070 Ti Geforce Gtx 1080 Geforce Gtx 1080 Ti Geforce Gtx 645 Geforce Gtx 650 Geforce Gtx 650 Ti Geforce Gtx 650 Ti Boost Geforce Gtx 660 Geforce Gtx 660 Ti Geforce Gtx 670 Geforce Gtx 680 Geforce Gtx 690 Geforce Gtx 745 Geforce Gtx 750 Geforce Gtx 750 Ti Geforce Gtx 760 Geforce Gtx 760 Ti Geforce Gtx 770 Geforce Gtx 780 Geforce Gtx 780 Ti Geforce Gtx 950 Geforce Gtx 960 Geforce Gtx 970 Geforce Gtx 980 Geforce Gtx Titan X Gtx Titan Gtx Titan Black Gtx Titan Z Jetson Agx Xavier 16gb Jetson Agx Xavier 32gb Jetson Agx Xavier 8gb Jetson Nano Jetson Tx1 Jetson Tx2 Jetson Tx2 4gb Jetson Tx2 Nx Jetson Tx2i Jetson Xavier Nx Nvidia Hgx-2 Quadro Gv100 Quadro M1000m Quadro M1200 Quadro M2000 Quadro M2000m Quadro M2200 Quadro M3000m Quadro M4000 Quadro M4000m Quadro M5000 Quadro M5000m Quadro M500m Quadro M520 Quadro M5500 Quadro M6000 Quadro M600m Quadro M620 Quadro P1000 Quadro P2000 Quadro P2200 Quadro P3000 Quadro P3200 Quadro P400 Quadro P4000 Quadro P4200 Quadro P500 Quadro P5000 Quadro P520 Quadro P5200 Quadro P600 Quadro P6000 Quadro P620 Shield Tv Shield Tv Pro Tesla M10 Tesla M4 Tesla M40 Tesla M6 Tesla M60 Tesla P100 Tesla P4 Tesla P40 Tesla P6 Tesla V100 Tesla V100s Titan V Titan X Titan Xp

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2021-11-20T14:55:20.000Z

Updated: 2024-08-03T15:55:18.660Z

Reserved: 2020-11-12T00:00:00.000Z

Link: CVE-2021-1125

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-11-20T15:15:07.790

Modified: 2024-11-21T05:43:38.677

Link: CVE-2021-1125

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-noinfo

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object