CVE-2021-23217

Summary

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components.

Affected Software

VendorProductVersion RangeStatus
NVIDIANVIDIA GPU and Tegra hardwareMaxwell, GP100, Tegra X1, Tegra X1+, Tegra TX2affected

Weaknesses

  • CWE 1190: DMA Device Enabled Too Early in Boot Phase

ADP Enrichment

CVE Program Container

Additional References

References