Security Notice: NVIDIA Tegra RCM Vulnerability

NVIDIA’S response to the Tegra RCM issue

April 24, 2018

This notice is a response to recent publications on a security issue regarding NVIDIA Tegra Recovery Mode (RCM). A researcher indicates that a person with physical access to older Tegra-based processors could connect to the device’s USB port, bypass the secure boot and execute unverified code.

This issue cannot be exploited remotely, even if the device is connected to the Internet. Rather, a person must have physical access to an affected processor’s USB connection to bypass the secure boot and run unverified code.

At this time, NVIDIA is not aware of any malicious compromise of Tegra-based devices.

NVIDIA Tegra X2, which was launched in 2016, and later Tegra systems on a chip (SOCs) such as Xavier, are not affected by this issue. NVIDIA GPUs are not affected.

NVIDIA takes security concerns seriously, and is actively evaluating this issue and conferring with partners.

Visit the NVIDIA Product Security page to

• See future updates to this issue
• Subscribe to security bulletin notifications
• See the current list of NVIDIA security bulletins
• Report a potential vulnerability in any NVIDIA supported product
• Learn more about the vulnerability management process followed by the NVIDIA Product Security Incident Response Team (PSIRT)