CVE-2021-23201 - Vulnerability Details

NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00038.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

NVIDIA

NVIDIA GPU and Tegra hardware

affected

Version	Status	Constraints
`Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier`	affected	—

Configuration 1 [-]

AND

OR	cpe:2.3:h:nvidia:geforce_gtx_950:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_960:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_970:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_980:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_titan_x:-:::::::*
	cpe:2.3:h:nvidia:jetson_nano:-:::::::*
	cpe:2.3:h:nvidia:jetson_nano:-::-:::::
	cpe:2.3:h:nvidia:jetson_nano:-::developer_kit:::::
	cpe:2.3:h:nvidia:jetson_tx1:-:::::::*
	cpe:2.3:h:nvidia:quadro_m1000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m1200:-:::::::*
	cpe:2.3:h:nvidia:quadro_m2000:-:::::::*
	cpe:2.3:h:nvidia:quadro_m2000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m2200:-:::::::*
	cpe:2.3:h:nvidia:quadro_m3000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m4000:-:::::::*
	cpe:2.3:h:nvidia:quadro_m4000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m5000:-:::::::*
	cpe:2.3:h:nvidia:quadro_m5000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m500m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m520:-:::::::*
	cpe:2.3:h:nvidia:quadro_m5500:-:::::::*
	cpe:2.3:h:nvidia:quadro_m6000:-:::::::*
	cpe:2.3:h:nvidia:quadro_m600m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m620:-:::::::*
	cpe:2.3:h:nvidia:shield_tv:-:::::::*
	cpe:2.3:h:nvidia:shield_tv_pro:-:::::::*
	cpe:2.3:h:nvidia:tesla_m10:-:::::::*
	cpe:2.3:h:nvidia:tesla_m2050:-:::::::*
	cpe:2.3:h:nvidia:tesla_m2070:-:::::::*
	cpe:2.3:h:nvidia:tesla_m2070q:-:::::::*
	cpe:2.3:h:nvidia:tesla_m2090:-:::::::*
	cpe:2.3:h:nvidia:tesla_m4:-:::::::*
	cpe:2.3:h:nvidia:tesla_m40:-:::::::*
	cpe:2.3:h:nvidia:tesla_m6:-:::::::*
	cpe:2.3:h:nvidia:tesla_m60:-:::::::*
	cpe:2.3:h:nvidia:tesla_p100:-:::::::*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

No data.

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe
Microsoft Subscribe	Windows Subscribe
Nvidia Subscribe	Geforce Gtx 950 Subscribe Geforce Gtx 960 Subscribe Geforce Gtx 970 Subscribe Geforce Gtx 980 Subscribe Geforce Gtx Titan X Subscribe Jetson Nano Subscribe Jetson Tx1 Subscribe Quadro M1000m Subscribe Quadro M1200 Subscribe Quadro M2000 Subscribe Quadro M2000m Subscribe Quadro M2200 Subscribe Quadro M3000m Subscribe Quadro M4000 Subscribe Quadro M4000m Subscribe Quadro M5000 Subscribe Quadro M5000m Subscribe Quadro M500m Subscribe Quadro M520 Subscribe Quadro M5500 Subscribe Quadro M6000 Subscribe Quadro M600m Subscribe Quadro M620 Subscribe Shield Tv Subscribe Shield Tv Pro Subscribe Tesla M10 Subscribe Tesla M2050 Subscribe Tesla M2070 Subscribe Tesla M2070q Subscribe Tesla M2090 Subscribe Tesla M4 Subscribe Tesla M40 Subscribe Tesla M6 Subscribe Tesla M60 Subscribe Tesla P100 Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2021-10306	NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://nvidia.custhelp.com/app/answers/detail/a_id/5263

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2021-11-20T14:55:21

Updated: 2024-08-03T19:05:55.376Z

Reserved: 2021-02-09T00:00:00

Link: CVE-2021-23201

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-11-20T15:15:07.840

Modified: 2024-11-21T05:51:21.940

Link: CVE-2021-23201

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-noinfo

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object