4.4
MEDIUM
CVE-2021-1125
NVIDIA GPU and Tegra Boot ROM Buffer Overflow
Description

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data.

INFO

Published Date :

Nov. 20, 2021, 3:15 p.m.

Last Modified :

Nov. 26, 2021, 7 p.m.

Remotely Exploitable :

No

Impact Score :

3.6

Exploitability Score :

0.8
Affected Products

The following products are affected by CVE-2021-1125 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Nvidia dgx-1_p100
2 Nvidia dgx-1_v100
3 Nvidia dgx-2
4 Nvidia dgx_station_a100
5 Nvidia geforce_gt_605
6 Nvidia geforce_gt_610
7 Nvidia geforce_gt_620
8 Nvidia geforce_gt_625
9 Nvidia geforce_gt_630
10 Nvidia geforce_gt_635
11 Nvidia geforce_gt_640
12 Nvidia geforce_gt_705
13 Nvidia geforce_gt_710
14 Nvidia geforce_gt_720
15 Nvidia geforce_gt_730
16 Nvidia geforce_gt_740
17 Nvidia geforce_gtx_1050
18 Nvidia geforce_gtx_1050_ti
19 Nvidia geforce_gtx_1060
20 Nvidia geforce_gtx_1070
21 Nvidia geforce_gtx_1070_ti
22 Nvidia geforce_gtx_1080
23 Nvidia geforce_gtx_1080_ti
24 Nvidia geforce_gtx_645
25 Nvidia geforce_gtx_650
26 Nvidia geforce_gtx_650_ti
27 Nvidia geforce_gtx_650_ti_boost
28 Nvidia geforce_gtx_660
29 Nvidia geforce_gtx_660_ti
30 Nvidia geforce_gtx_670
31 Nvidia geforce_gtx_680
32 Nvidia geforce_gtx_690
33 Nvidia geforce_gtx_745
34 Nvidia geforce_gtx_750
35 Nvidia geforce_gtx_750_ti
36 Nvidia geforce_gtx_760
37 Nvidia geforce_gtx_760_ti
38 Nvidia geforce_gtx_770
39 Nvidia geforce_gtx_780
40 Nvidia geforce_gtx_780_ti
41 Nvidia geforce_gtx_950
42 Nvidia geforce_gtx_960
43 Nvidia geforce_gtx_970
44 Nvidia geforce_gtx_980
45 Nvidia geforce_gtx_titan_x
46 Nvidia gtx_titan
47 Nvidia gtx_titan_black
48 Nvidia gtx_titan_z
49 Nvidia jetson_agx_xavier_16gb
50 Nvidia jetson_agx_xavier_32gb
51 Nvidia jetson_agx_xavier_8gb
52 Nvidia jetson_nano
53 Nvidia jetson_tx1
54 Nvidia jetson_tx2
55 Nvidia jetson_tx2_4gb
56 Nvidia jetson_tx2_nx
57 Nvidia jetson_tx2i
58 Nvidia jetson_xavier_nx
59 Nvidia nvidia_hgx-2
60 Nvidia quadro_gv100
61 Nvidia quadro_m1000m
62 Nvidia quadro_m1200
63 Nvidia quadro_m2000
64 Nvidia quadro_m2000m
65 Nvidia quadro_m2200
66 Nvidia quadro_m3000m
67 Nvidia quadro_m4000
68 Nvidia quadro_m4000m
69 Nvidia quadro_m5000
70 Nvidia quadro_m5000m
71 Nvidia quadro_m500m
72 Nvidia quadro_m520
73 Nvidia quadro_m5500
74 Nvidia quadro_m6000
75 Nvidia quadro_m600m
76 Nvidia quadro_m620
77 Nvidia quadro_p1000
78 Nvidia quadro_p2000
79 Nvidia quadro_p2200
80 Nvidia quadro_p3000
81 Nvidia quadro_p3200
82 Nvidia quadro_p400
83 Nvidia quadro_p4000
84 Nvidia quadro_p4200
85 Nvidia quadro_p500
86 Nvidia quadro_p5000
87 Nvidia quadro_p520
88 Nvidia quadro_p5200
89 Nvidia quadro_p600
90 Nvidia quadro_p6000
91 Nvidia quadro_p620
92 Nvidia shield_tv
93 Nvidia shield_tv_pro
94 Nvidia tesla_m10
95 Nvidia tesla_m4
96 Nvidia tesla_m40
97 Nvidia tesla_m6
98 Nvidia tesla_m60
99 Nvidia tesla_p100
100 Nvidia tesla_p4
101 Nvidia tesla_p40
102 Nvidia tesla_p6
103 Nvidia tesla_v100
104 Nvidia tesla_v100s
105 Nvidia titan_v
106 Nvidia titan_x
107 Nvidia titan_xp
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2021-1125.

URL Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5263 Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2021-1125 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2021-1125 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Reanalysis by [email protected]

    Nov. 26, 2021

    Action Type Old Value New Value
    Removed CVSS V2 NIST (AV:L/AC:L/Au:N/C:C/I:C/A:C)
    Added CVSS V2 NIST (AV:L/AC:L/Au:N/C:N/I:C/A:N)
    Removed CVSS V3.1 NIST AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    Added CVSS V3.1 NIST AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
  • Initial Analysis by [email protected]

    Nov. 24, 2021

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:L/AC:L/Au:N/C:C/I:C/A:C)
    Added CVSS V3.1 NIST AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://nvidia.custhelp.com/app/answers/detail/a_id/5263 No Types Assigned https://nvidia.custhelp.com/app/answers/detail/a_id/5263 Vendor Advisory
    Added CWE NIST NVD-CWE-noinfo
    Added CPE Configuration AND OR *cpe:2.3:h:nvidia:dgx-1_p100:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:dgx-1_v100:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:dgx-2:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:dgx_station_a100:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_605:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_610:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_620:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_625:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_630:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_635:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_640:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_705:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_720:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_740:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_1050_ti:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_1070_ti:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_1080_ti:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_645:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_650:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_650_ti:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_650_ti_boost:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_660:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_660_ti:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_670:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_680:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_690:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_745:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_750:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_750_ti:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_760:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_760_ti:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_770:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_780:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_780_ti:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_950:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_960:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_970:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_980:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_titan_x:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:gtx_titan:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:gtx_titan_black:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:gtx_titan_z:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_nano:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_nano:-:*:-:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_nano:-:*:developer_kit:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_tx2_4gb:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_tx2i:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:developer_kit:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:production:*:*:*:*:* *cpe:2.3:h:nvidia:nvidia_hgx-2:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_gv100:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m1200:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m2200:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m520:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m620:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p1000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p2000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p2200:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p3000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p3200:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p400:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p4000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p4200:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p500:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p5000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p520:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p5200:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p600:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p6000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p620:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:shield_tv:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:shield_tv_pro:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_m10:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_m4:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_m40:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_m6:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_m60:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_p100:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_p4:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_p40:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_p6:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_v100:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_v100s:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:titan_v:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:titan_x:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:titan_xp:-:*:*:*:*:*:*:* OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2021-1125 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2021-1125 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.04 }} 0.00%

score

0.10296

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability