CVE-2021-23217 - Vulnerability Details

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00042.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe
Microsoft Subscribe	Windows Subscribe
Nvidia Subscribe	Geforce Gt 605 Subscribe Geforce Gt 610 Subscribe Geforce Gt 620 Subscribe Geforce Gt 625 Subscribe Geforce Gt 630 Subscribe Geforce Gt 635 Subscribe Geforce Gt 640 Subscribe Geforce Gt 705 Subscribe Geforce Gt 710 Subscribe Geforce Gt 720 Subscribe Geforce Gt 730 Subscribe Geforce Gt 740 Subscribe Geforce Gtx 645 Subscribe Geforce Gtx 650 Subscribe Geforce Gtx 650 Ti Subscribe Geforce Gtx 650 Ti Boost Subscribe Geforce Gtx 660 Subscribe Geforce Gtx 660 Ti Subscribe Geforce Gtx 670 Subscribe Geforce Gtx 680 Subscribe Geforce Gtx 690 Subscribe Geforce Gtx 745 Subscribe Geforce Gtx 750 Subscribe Geforce Gtx 750 Ti Subscribe Geforce Gtx 760 Subscribe Geforce Gtx 760 Ti Subscribe Geforce Gtx 770 Subscribe Geforce Gtx 780 Subscribe Geforce Gtx 780 Ti Subscribe Geforce Gtx 950 Subscribe Geforce Gtx 960 Subscribe Geforce Gtx 970 Subscribe Geforce Gtx 980 Subscribe Geforce Gtx Titan X Subscribe Gtx Titan Subscribe Gtx Titan Black Subscribe Gtx Titan Z Subscribe Jetson Nano Subscribe Jetson Tx1 Subscribe Quadro M1000m Subscribe Quadro M1200 Subscribe Quadro M2000 Subscribe Quadro M2000m Subscribe Quadro M2200 Subscribe Quadro M3000m Subscribe Quadro M4000 Subscribe Quadro M4000m Subscribe Quadro M5000 Subscribe Quadro M5000m Subscribe Quadro M500m Subscribe Quadro M520 Subscribe Quadro M5500 Subscribe Quadro M6000 Subscribe Quadro M600m Subscribe Quadro M620 Subscribe Shield Tv Subscribe Shield Tv Pro Subscribe Tesla M10 Subscribe Tesla M4 Subscribe Tesla M40 Subscribe Tesla M6 Subscribe Tesla M60 Subscribe Tesla P100 Subscribe

Configuration 1 [-]

AND

OR	cpe:2.3:h:nvidia:geforce_gt_605:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_610:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_620:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_625:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_630:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_635:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_640:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_705:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_710:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_720:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_730:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_740:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_645:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_650:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_650_ti:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_650_ti_boost:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_660:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_660_ti:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_670:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_680:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_690:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_745:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_750:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_750_ti:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_760:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_760_ti:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_770:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_780:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_780_ti:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_950:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_960:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_970:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_980:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_titan_x:-:::::::*
	cpe:2.3:h:nvidia:gtx_titan:-:::::::*
	cpe:2.3:h:nvidia:gtx_titan_black:-:::::::*
	cpe:2.3:h:nvidia:gtx_titan_z:-:::::::*
	cpe:2.3:h:nvidia:jetson_nano:-:::::::*
	cpe:2.3:h:nvidia:jetson_nano:-::-:::::
	cpe:2.3:h:nvidia:jetson_nano:-::developer_kit:::::
	cpe:2.3:h:nvidia:jetson_tx1:-:::::::*
	cpe:2.3:h:nvidia:quadro_m1000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m1200:-:::::::*
	cpe:2.3:h:nvidia:quadro_m2000:-:::::::*
	cpe:2.3:h:nvidia:quadro_m2000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m2200:-:::::::*
	cpe:2.3:h:nvidia:quadro_m3000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m4000:-:::::::*
	cpe:2.3:h:nvidia:quadro_m4000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m5000:-:::::::*
	cpe:2.3:h:nvidia:quadro_m5000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m500m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m520:-:::::::*
	cpe:2.3:h:nvidia:quadro_m5500:-:::::::*
	cpe:2.3:h:nvidia:quadro_m6000:-:::::::*
	cpe:2.3:h:nvidia:quadro_m600m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m620:-:::::::*
	cpe:2.3:h:nvidia:shield_tv:-:::::::*
	cpe:2.3:h:nvidia:shield_tv_pro:-:::::::*
	cpe:2.3:h:nvidia:tesla_m10:-:::::::*
	cpe:2.3:h:nvidia:tesla_m4:-:::::::*
	cpe:2.3:h:nvidia:tesla_m40:-:::::::*
	cpe:2.3:h:nvidia:tesla_m6:-:::::::*
	cpe:2.3:h:nvidia:tesla_m60:-:::::::*
cpe:2.3:h:nvidia:tesla_p100:-:::::::*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2021-10320	NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://nvidia.custhelp.com/app/answers/detail/a_id/5263

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2021-11-20T14:55:23

Updated: 2024-08-03T19:05:55.701Z

Reserved: 2021-02-09T00:00:00

Link: CVE-2021-23217

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-11-20T15:15:07.890

Modified: 2024-11-21T05:51:23.477

Link: CVE-2021-23217

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-noinfo

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Projects

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object