CVE-2021-23201

NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components.

CVSS v3 7.5 HIGH
CVSS v2.0 6.9 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5263	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:h:nvidia:geforce_gtx_950:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_960:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_970:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_980:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_titan_x:-:::::::*
	cpe:2.3:h:nvidia:jetson_nano:-:::::::*
	cpe:2.3:h:nvidia:jetson_nano:-::-:::::
	cpe:2.3:h:nvidia:jetson_nano:-::developer_kit:::::
	cpe:2.3:h:nvidia:jetson_tx1:-:::::::*
	cpe:2.3:h:nvidia:quadro_m1000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m1200:-:::::::*
	cpe:2.3:h:nvidia:quadro_m2000:-:::::::*
	cpe:2.3:h:nvidia:quadro_m2000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m2200:-:::::::*
	cpe:2.3:h:nvidia:quadro_m3000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m4000:-:::::::*
	cpe:2.3:h:nvidia:quadro_m4000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m5000:-:::::::*
	cpe:2.3:h:nvidia:quadro_m5000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m500m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m520:-:::::::*
	cpe:2.3:h:nvidia:quadro_m5500:-:::::::*
	cpe:2.3:h:nvidia:quadro_m6000:-:::::::*
	cpe:2.3:h:nvidia:quadro_m600m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m620:-:::::::*
	cpe:2.3:h:nvidia:shield_tv:-:::::::*
	cpe:2.3:h:nvidia:shield_tv_pro:-:::::::*
	cpe:2.3:h:nvidia:tesla_m10:-:::::::*
	cpe:2.3:h:nvidia:tesla_m2050:-:::::::*
	cpe:2.3:h:nvidia:tesla_m2070:-:::::::*
	cpe:2.3:h:nvidia:tesla_m2070q:-:::::::*
	cpe:2.3:h:nvidia:tesla_m2090:-:::::::*
	cpe:2.3:h:nvidia:tesla_m4:-:::::::*
	cpe:2.3:h:nvidia:tesla_m40:-:::::::*
	cpe:2.3:h:nvidia:tesla_m6:-:::::::*
	cpe:2.3:h:nvidia:tesla_m60:-:::::::*
	cpe:2.3:h:nvidia:tesla_p100:-:::::::*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

09 Feb 2022, 16:37

Type	Values Removed	Values Added
CVSS	v2 : ~~7.2~~ v3 : ~~8.2~~	v2 : 6.9 v3 : 7.5

08 Feb 2022, 19:15

Type	Values Removed	Values Added
Summary	NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller which may allow a user with elevated privileges to generate valid microcode. This could lead to information disclosure, data corruption, or denial of service of the device.	NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components.

24 Nov 2021, 15:38

Type	Values Removed	Values Added
References	~~(CONFIRM) https://nvidia.custhelp.com/app/answers/detail/a_id/5263 -~~	(CONFIRM) https://nvidia.custhelp.com/app/answers/detail/a_id/5263 - Vendor Advisory
CPE		cpe:2.3:h:nvidia:quadro_m6000:-:::::::* cpe:2.3:h:nvidia:geforce_gtx_970:-:::::::* cpe:2.3:h:nvidia:quadro_m1200:-:::::::* cpe:2.3:h:nvidia:tesla_m40:-:::::::* cpe:2.3:h:nvidia:quadro_m620:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:h:nvidia:quadro_m4000:-:::::::* cpe:2.3:h:nvidia:tesla_m60:-:::::::* cpe:2.3:h:nvidia:tesla_m2090:-:::::::* cpe:2.3:h:nvidia:quadro_m3000m:-:::::::* cpe:2.3:h:nvidia:tesla_m4:-:::::::* cpe:2.3:h:nvidia:geforce_gtx_titan_x:-:::::::* cpe:2.3:h:nvidia:jetson_tx1:-:::::::* cpe:2.3:h:nvidia:quadro_m5000m:-:::::::* cpe:2.3:h:nvidia:quadro_m2000m:-:::::::* cpe:2.3:h:nvidia:quadro_m600m:-:::::::* cpe:2.3:h:nvidia:jetson_nano:-::-::::: cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:h:nvidia:geforce_gtx_960:-:::::::* cpe:2.3:h:nvidia:quadro_m500m:-:::::::* cpe:2.3:h:nvidia:tesla_m6:-:::::::* cpe:2.3:h:nvidia:tesla_m10:-:::::::* cpe:2.3:h:nvidia:quadro_m1000m:-:::::::* cpe:2.3:h:nvidia:shield_tv_pro:-:::::::* cpe:2.3:h:nvidia:jetson_nano:-:::::::* cpe:2.3:h:nvidia:quadro_m2000:-:::::::* cpe:2.3:h:nvidia:quadro_m2200:-:::::::* cpe:2.3:h:nvidia:tesla_m2050:-:::::::* cpe:2.3:h:nvidia:geforce_gtx_950:-:::::::* cpe:2.3:h:nvidia:quadro_m520:-:::::::* cpe:2.3:h:nvidia:quadro_m5000:-:::::::* cpe:2.3:h:nvidia:shield_tv:-:::::::* cpe:2.3:h:nvidia:quadro_m4000m:-:::::::* cpe:2.3:h:nvidia:quadro_m5500:-:::::::* cpe:2.3:h:nvidia:tesla_m2070:-:::::::* cpe:2.3:h:nvidia:tesla_p100:-:::::::* cpe:2.3:h:nvidia:jetson_nano:-::developer_kit::::: cpe:2.3:h:nvidia:tesla_m2070q:-:::::::* cpe:2.3:h:nvidia:geforce_gtx_980:-:::::::*
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.2 v3 : 8.2

20 Nov 2021, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-11-20 15:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-23201

Mitre link : CVE-2021-23201

CVE.ORG link : CVE-2021-23201

JSON object : View

Products Affected

nvidia

quadro_m4000m
tesla_m2050
tesla_m10
geforce_gtx_950
geforce_gtx_titan_x
geforce_gtx_970
quadro_m1000m
quadro_m620
geforce_gtx_980
tesla_m6
tesla_p100
quadro_m2000m
tesla_m2070
quadro_m2200
quadro_m6000
jetson_nano
quadro_m600m
quadro_m1200
quadro_m520
shield_tv
quadro_m5000m
quadro_m2000
geforce_gtx_960
tesla_m2090
tesla_m40
quadro_m4000
jetson_tx1
tesla_m4
quadro_m500m
quadro_m3000m
quadro_m5500
tesla_m2070q
shield_tv_pro
tesla_m60
quadro_m5000

linux

linux_kernel

microsoft

windows

CWE

NVD-CWE-noinfo

7.5 /10