CVE Published: 20/11/2021 |
CVE Updated: 03/08/2024 |
CVE Year: 2021 Source: nvidia |
Vendor: NVIDIA |
Product: NVIDIA GPU and Tegra hardware Status : PUBLISHED
CVE-2021-23201 Description
NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components.
Metrics
CVSS Version: 3.1 |
Base Score: 7.5 HIGH Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
l➤ Exploitability Metrics: Attack Vector (AV)* LOCAL Attack Complexity (AC)* HIGH Privileges Required (PR)* HIGH User Interaction (UI)* NONE Scope (S)* CHANGED
l➤ Impact Metrics: Confidentiality Impact (C)* HIGH Integrity Impact (I)* HIGH Availability Impact (A)* HIGH
Weakness Enumeration (CWE)
CWE-ID: CWE Name: CWE 1240: Use of a Risky Cryptographic Primitive Source: NVIDIA
Common Attack Pattern Enumeration and Classification (CAPEC)