Lucene search

NvidiaCVELIST:CVE-2021-23201

HistoryNov 20, 2021 - 2:55 p.m.

CVE-2021-23201

2021-11-2014:55:21

nvidia

www.cve.org

nvidia

tegra

vulnerability

microcode

information disclosure

data corruption

denial of service

elevated privileges

internal microcontroller

exploit

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components.

CNA Affected

[
  {
    "product": "NVIDIA GPU and Tegra hardware",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5263

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2021-23201