CVE-2021-23217

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components.

CVSS v3.0 7.5 HIGH
CVSS v2.0 6.9 MEDIUM

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5263	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:h:nvidia:geforce_gt_605:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_610:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_620:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_625:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_630:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_635:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_640:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_705:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_710:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_720:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_730:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_740:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_645:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_650:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_650_ti:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_650_ti_boost:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_660:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_660_ti:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_670:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_680:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_690:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_745:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_750:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_750_ti:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_760:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_760_ti:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_770:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_780:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_780_ti:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_950:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_960:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_970:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_980:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_titan_x:-:::::::*
	cpe:2.3:h:nvidia:gtx_titan:-:::::::*
	cpe:2.3:h:nvidia:gtx_titan_black:-:::::::*
	cpe:2.3:h:nvidia:gtx_titan_z:-:::::::*
	cpe:2.3:h:nvidia:jetson_nano:-:::::::*
	cpe:2.3:h:nvidia:jetson_nano:-::-:::::
	cpe:2.3:h:nvidia:jetson_nano:-::developer_kit:::::
	cpe:2.3:h:nvidia:jetson_tx1:-:::::::*
	cpe:2.3:h:nvidia:quadro_m1000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m1200:-:::::::*
	cpe:2.3:h:nvidia:quadro_m2000:-:::::::*
	cpe:2.3:h:nvidia:quadro_m2000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m2200:-:::::::*
	cpe:2.3:h:nvidia:quadro_m3000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m4000:-:::::::*
	cpe:2.3:h:nvidia:quadro_m4000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m5000:-:::::::*
	cpe:2.3:h:nvidia:quadro_m5000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m500m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m520:-:::::::*
	cpe:2.3:h:nvidia:quadro_m5500:-:::::::*
	cpe:2.3:h:nvidia:quadro_m6000:-:::::::*
	cpe:2.3:h:nvidia:quadro_m600m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m620:-:::::::*
	cpe:2.3:h:nvidia:shield_tv:-:::::::*
	cpe:2.3:h:nvidia:shield_tv_pro:-:::::::*
	cpe:2.3:h:nvidia:tesla_m10:-:::::::*
	cpe:2.3:h:nvidia:tesla_m4:-:::::::*
	cpe:2.3:h:nvidia:tesla_m40:-:::::::*
	cpe:2.3:h:nvidia:tesla_m6:-:::::::*
	cpe:2.3:h:nvidia:tesla_m60:-:::::::*
cpe:2.3:h:nvidia:tesla_p100:-:::::::*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Information

Published : 2021-11-20 07:15

Updated : 2022-02-24 11:13

NVD link : CVE-2021-23217

Mitre link : CVE-2021-23217

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

nvidia

geforce_gt_730
gtx_titan
quadro_m1000m
geforce_gtx_745
geforce_gtx_titan_x
geforce_gt_720
geforce_gtx_645
geforce_gtx_660_ti
quadro_m5000m
geforce_gtx_760_ti
gtx_titan_black
quadro_m5500
geforce_gtx_670
geforce_gtx_970
quadro_m500m
shield_tv_pro
geforce_gtx_680
geforce_gt_705
tesla_p100
quadro_m520
tesla_m10
geforce_gtx_780
geforce_gt_605
quadro_m1200
geforce_gt_610
quadro_m4000m
tesla_m4
geforce_gtx_770
quadro_m2200
geforce_gt_740
quadro_m4000
jetson_nano
geforce_gtx_960
geforce_gt_630
geforce_gtx_650_ti_boost
quadro_m2000
geforce_gtx_750_ti
jetson_tx1
geforce_gt_635
geforce_gtx_950
geforce_gt_710
geforce_gtx_660
gtx_titan_z
tesla_m40
quadro_m6000
geforce_gt_640
quadro_m2000m
tesla_m6
geforce_gtx_760
geforce_gtx_650
tesla_m60
quadro_m620
quadro_m3000m
geforce_gt_625
quadro_m5000
geforce_gtx_780_ti
shield_tv
geforce_gtx_750
geforce_gt_620
geforce_gtx_650_ti
quadro_m600m
geforce_gtx_690
geforce_gtx_980

linux

linux_kernel

microsoft

windows

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263", "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-23217", "ASSIGNER": "psirt@nvidia.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.8}}, "publishedDate": "2021-11-20T15:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_605:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_610:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_620:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_625:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_630:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_635:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_640:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_705:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_720:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_740:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_645:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_650:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_650_ti:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_650_ti_boost:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_660:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_660_ti:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_670:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_680:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_690:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_745:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_750:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_750_ti:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_760:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_760_ti:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_770:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_780:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_780_ti:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_950:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_960:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_970:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_980:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_titan_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:gtx_titan:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:gtx_titan_black:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:gtx_titan_z:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:jetson_nano:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:jetson_nano:-:*:-:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:jetson_nano:-:*:developer_kit:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m1200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m2200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m520:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m620:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:shield_tv:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:shield_tv_pro:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:tesla_m10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:tesla_m4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:tesla_m40:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:tesla_m6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:tesla_m60:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nvidia:tesla_p100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-02-24T19:13Z"}

7.5 /10