CVE-2021-23217
moderate-risk
Published 2021-11-20
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components.
Do I need to act?
-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
LOCAL
/ HIGH complexity
Affected Products (20)
Geforce Gt 605
Geforce Gt 610
Geforce Gt 620
Geforce Gt 625
Geforce Gt 630
Geforce Gt 635
Geforce Gt 640
Geforce Gt 705
Geforce Gt 710
Geforce Gt 720
Geforce Gt 730
Geforce Gt 740
Geforce Gtx 645
Geforce Gtx 650
Geforce Gtx 650 Ti
Geforce Gtx 650 Ti Boost
Geforce Gtx 660
Geforce Gtx 660 Ti
Geforce Gtx 670
Geforce Gtx 680
Affected Vendors
References (2)
Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5263
Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5263
47
/ 100
moderate-risk
Severity
20/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
27/34 · High