NvidiaNVIDIA:5263Security Notice: NVIDIA GPU and Tegra Hardware - November 2021
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
12.6%
This notice is a response to a published research paper on vulnerabilities in Tegra systems on a chip (SOCs).
Go to NVIDIA Product Security.
Details
This section provides a summary of potential vulnerabilities and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.
Note:
- Ampere products are not impacted.
- In an environment where the GPU is virtualized (for example, vGPU), you are not impacted.
- If the hypervisor is compromised or you have direct GPU access with bare metal or pass through, Turing, Volta, Pascal or Maxwell products can be exposed.
- Tegra X1, Tegra X1+, Tegra TX2 and Xavier products are impacted.
- In all cases, an attacker requires OS administrative/kernel rights.
CVE ID |Description|Base Score|Vector
—|—|—|—
CVE‑2021‑23201 | NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components. | 7.5 | AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE‑2021‑23217 | NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components. | 7.5 | AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE‑2021‑34400 | NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may lead to information disclosure. | 4.1 | AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
CVE‑2021‑34399 | NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed registers, which may lead to information disclosure. | 4.1 | AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
CVE‑2021‑23219 | NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and loading vulnerable microcode. Such an attack may lead to information disclosure. | 4.1 | AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
CVE‑2021‑1125 | NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data. | 4.1 | AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
CVE‑2021‑1105 | NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to information disclosure. | 4.1 | AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
CVE‑2021‑1088 | NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, which may lead to information disclosure. | 4.1 | AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.
Affected NVIDIA Products
Note: Ampere products are not affected
CVE IDs by Hardware Architecture
| CVE IDs | Hardware Architecture Type* |
|---|---|
| CVE‑2021‑1125 | Maxwell, Pascal, Volta, Tegra X1, Tegra X1+, Tegra TX2, Xavier |
| CVE‑2021‑23217 | Maxwell, GP100, Tegra X1, Tegra X1+, Tegra TX2 |
| CVE‑2021‑23219 | Maxwell (except GM206), Tegra X1, Tegra X1+ |
| CVE‑2021‑23201 | |
| CVE‑2021‑34400 | |
| CVE‑2021‑34399 | |
| CVE‑2021‑1105 | |
| CVE‑2021‑1088 | Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier |
*These vulnerabilities impact both Windows and Linux operating systems
The following table lists NVIDIA products affected.
| Product Category | Hardware Architecture Type* | Impacted | Notes |
|---|---|---|---|
| GPU | Turing, Volta, Pascal, Maxwell | Yes | |
| GPU | Kepler | No | Kepler does not contain security features impacted by these vulnerabilities |
| GPU | Ampere | No | |
| Tegra SoC | Tegra X1, Tegra X1+, Tegra TX2, Xavier | Yes |
*See the table below for the product names corresponding to the architecture for each segment.
Affected NVIDIA Products by Hardware Architecture
Consumer and Commercial Client (GeForce, NVIDIA RTX) GPU Solutions
| Hardware Architecture | Product Name |
|---|---|
| Turing | GeForce RTX 20-series, GeForce GTX 16-series, Titan RTX |
| Volta | Titan V Series |
| Pascal (except P100) | GeForce GTX 10-series, Titan X, Titan Xp |
| Maxwell, Pascal P100 | GeForce 900-series, GeForce GTX Titan X |
| Kepler | GeForce 600-series, GeForce 700-series, GTX Titan, GTX Titan Black, GTX Titan Z |
Data Center and Edge (Tesla) GPU Solutions
| Hardware Architecture | Product Name |
|---|---|
| Turing | NVIDIA T4 |
| Volta | Tesla V100 (16GB, 32GB), Tesla V100S, HGX-2 |
| Pascal (except GP100) | Tesla P40, Tesla P6, Tesla P4 |
| Maxwell, Pascal GP100 | Tesla P100 (12GB, 16GB) Tesla M_xx_, Tesla M_xxxx_ |
| Kepler | Tesla Kxx/Kxxx, GRID Kx/Kxxx |
Professional Visualization (Quadro/NVIDIA RTX) GPU Solutions
| Hardware Architecture | Product Name |
|---|---|
| Turing | NVIDIA Quadro RTX_xxxx_, NVIDIA Quadro T-series, NVIDIA T-series |
| Volta | NVIDIA Quadro GV100 |
| Pascal (except GP100) | NVIDIA Quadro P-series (P_xx_/P_xxx_) |
| Maxwell, Pascal GP100 | NVIDIA Quadro M-series (M_xx_/M_xxx_) |
| Kepler | NVIDIA Quadro K-series (K_xx_/K_xxx_) |
Jetson Products
| Hardware Architecture | Product Name |
|---|---|
| Xavier | Jetson Xavier Series, Jetson Xavier NX |
| Tegra TX2 | Jetson TX2 Series |
| Tegra X1 | Jetson Nano Series, Jetson TX1 |
Shield TV
| Hardware Architecture | Product Name |
|---|---|
| Tegra X1, Tegra X1+ | SHIELD TV - All Versions |
DGX Systems
| Hardware Architecture | Product Name |
|---|---|
| Volta | NVIDIA DGX-1 (with V100), NVIDIA DGX-2, NVIDIA DGX Station |
| Pascal GP100 | NVIDIA DGX-1 (with P100) |
NVIDIA DRIVE Constellation
| Hardware Architecture | Product Name |
|---|---|
| Turing | NVIDIA DRIVE Constellation |
Mitigations
NVIDIA recommends following security best practices for managing access to computer systems. Limit administrative and kernel access to trusted users only.
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
12.6%