Microcontroller Vulnerability in NVIDIA GPU and Tegra Hardware
CVE-2021-23201

7.5HIGH

Key Information:

Vendor: Nvidia
Status: Nvidia Gpu And Tegra Hardware
Vendor: CVE Published:; 20 November 2021

Summary

NVIDIA GPUs and Tegra hardware have an internal microcontroller vulnerability that enables users with elevated privileges to generate valid microcode. By identifying and exploiting this vulnerability, attackers could load compromised microcode, potentially leading to significant issues like information disclosure, data corruption, or denial of service. The impact of this vulnerability could extend beyond the immediate affected components.

Affected Version(s)

NVIDIA GPU and Tegra hardware Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5263

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 20, 2021
Vulnerability Reserved
Feb 9, 2021