CVE-2021-23201
moderate-risk
Published 2021-11-20
NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components.
Do I need to act?
-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
LOCAL
/ HIGH complexity
Affected Products (20)
Geforce Gtx 950
Geforce Gtx 960
Geforce Gtx 970
Geforce Gtx 980
Geforce Gtx Titan X
Jetson Nano
Jetson Nano
Jetson Nano
Jetson Tx1
Quadro M1000M
Quadro M1200
Quadro M2000
Quadro M2000M
Quadro M2200
Quadro M3000M
Quadro M4000
Quadro M4000M
Quadro M5000
Quadro M5000M
Quadro M500M
Affected Vendors
References (2)
Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5263
Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5263
44
/ 100
moderate-risk
Severity
20/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
24/34 · High