DMA Write Vulnerability in NVIDIA GPU and Tegra Hardware
CVE-2021-23217

7.5HIGH

Key Information:

Vendor: Nvidia
Status: Nvidia Gpu And Tegra Hardware
Vendor: CVE Published:; 20 November 2021

What is CVE-2021-23217?

NVIDIA's GPU and Tegra hardware expose a vulnerability in their internal microcontroller. This flaw allows users with elevated privileges to initiate a Direct Memory Access (DMA) write operation within a restricted time frame, potentially leading to malicious code execution. This vulnerability could compromise the confidentiality, integrity, and availability of affected systems, with possible implications for various system components.

Affected Version(s)

NVIDIA GPU and Tegra hardware Maxwell, GP100, Tegra X1, Tegra X1+, Tegra TX2

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5263

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2021
Vulnerability Reserved
Feb 9, 2021

Nvidia

What is CVE-2021-23217?

Affected Version(s)

References

CVSS V3.1

Timeline