Strix
26.1K

CVE-2021-23201

HIGHCVSS 7.5/10EPSS 0.27%

Last modified

CVE-2021-23201 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. EPSS estimates a 0.27% chance of exploitation in the next 30 days.

Description

NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Probability
0.27%

19.2th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
NvidiaGeforce Gtx 950All versions
NvidiaGeforce Gtx 960All versions
NvidiaGeforce Gtx 970All versions
NvidiaGeforce Gtx 980All versions
NvidiaGeforce Gtx Titan XAll versions
NvidiaJetson NanoAll versions
NvidiaJetson Tx1All versions
NvidiaQuadro M1000mAll versions
NvidiaQuadro M1200All versions
NvidiaQuadro M2000All versions
NvidiaQuadro M2000mAll versions
NvidiaQuadro M2200All versions
NvidiaQuadro M3000mAll versions
NvidiaQuadro M4000All versions
NvidiaQuadro M4000mAll versions
NvidiaQuadro M5000All versions
NvidiaQuadro M5000mAll versions
NvidiaQuadro M500mAll versions
NvidiaQuadro M520All versions
NvidiaQuadro M5500All versions
NvidiaQuadro M6000All versions
NvidiaQuadro M600mAll versions
NvidiaQuadro M620All versions
NvidiaShield TvAll versions
NvidiaShield Tv ProAll versions
NvidiaTesla M10All versions
NvidiaTesla M2050All versions
NvidiaTesla M2070All versions
NvidiaTesla M2070qAll versions
NvidiaTesla M2090All versions
NvidiaTesla M4All versions
NvidiaTesla M40All versions
NvidiaTesla M6All versions
NvidiaTesla M60All versions
NvidiaTesla P100All versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-23201?
NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components.
How severe is CVE-2021-23201?
CVE-2021-23201 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.27% probability of exploitation in the next 30 days.
How do I fix CVE-2021-23201?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-23201?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST