7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.8 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
34.4%
NVIDIAβS response to the Tegra RCM issue
This notice is a response to recent publications on a security issue regarding NVIDIA Tegra Recovery Mode (RCM). A researcher indicates that a person with physical access to older Tegra-based processors could connect to the deviceβs USB port, bypass the secure boot and execute unverified code.
This issue cannot be exploited remotely, even if the device is connected to the Internet. Rather, a person must have physical access to an affected processorβs USB connection to bypass the secure boot and run unverified code.
At this time, NVIDIA is not aware of any malicious compromise of Tegra-based devices.
NVIDIA Tegra X2, which was launched in 2016, and later Tegra systems on a chip (SOCs) such as Xavier, are not affected by this issue. NVIDIA GPUs are not affected.
NVIDIA takes security concerns seriously, and is actively evaluating this issue and conferring with partners.
Visit the NVIDIA Product Security page to
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.8 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
34.4%