Lucene search

NvidiaCVELIST:CVE-2021-23217

HistoryNov 20, 2021 - 2:55 p.m.

CVE-2021-23217

2021-11-2014:55:23

nvidia

www.cve.org

nvidia

tegra

vulnerability

elevated user

code execution

confidentiality

integrity

availability

dma write operation

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components.

CNA Affected

[
  {
    "product": "NVIDIA GPU and Tegra hardware",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "Maxwell, GP100, Tegra X1, Tegra X1+, Tegra TX2"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5263

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2021-23217