4.1
MEDIUM
CVE-2021-23219
NVIDIA GPU and Tegra Privilege Escalation and Information Disclosure Vulnerability
Description

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and loading vulnerable microcode. Such an attack may lead to information disclosure.

INFO

Published Date :

Nov. 20, 2021, 3:15 p.m.

Last Modified :

Nov. 21, 2024, 5:51 a.m.

Remotely Exploitable :

No

Impact Score :

3.6

Exploitability Score :

0.5
Affected Products

The following products are affected by CVE-2021-23219 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Nvidia dgx-1_p100
2 Nvidia dgx-1_v100
3 Nvidia dgx-2
4 Nvidia dgx_station_a100
5 Nvidia drive_constellation
6 Nvidia geforce_gt_605
7 Nvidia geforce_gt_610
8 Nvidia geforce_gt_620
9 Nvidia geforce_gt_625
10 Nvidia geforce_gt_630
11 Nvidia geforce_gt_635
12 Nvidia geforce_gt_640
13 Nvidia geforce_gt_705
14 Nvidia geforce_gt_710
15 Nvidia geforce_gt_720
16 Nvidia geforce_gt_730
17 Nvidia geforce_gt_740
18 Nvidia geforce_gtx_1050
19 Nvidia geforce_gtx_1050_ti
20 Nvidia geforce_gtx_1060
21 Nvidia geforce_gtx_1070
22 Nvidia geforce_gtx_1070_ti
23 Nvidia geforce_gtx_1080
24 Nvidia geforce_gtx_1080_ti
25 Nvidia geforce_gtx_1650
26 Nvidia geforce_gtx_1650_super
27 Nvidia geforce_gtx_1660
28 Nvidia geforce_gtx_1660_super
29 Nvidia geforce_gtx_1660_ti
30 Nvidia geforce_gtx_645
31 Nvidia geforce_gtx_650
32 Nvidia geforce_gtx_650_ti
33 Nvidia geforce_gtx_650_ti_boost
34 Nvidia geforce_gtx_660
35 Nvidia geforce_gtx_660_ti
36 Nvidia geforce_gtx_670
37 Nvidia geforce_gtx_680
38 Nvidia geforce_gtx_690
39 Nvidia geforce_gtx_745
40 Nvidia geforce_gtx_750
41 Nvidia geforce_gtx_750_ti
42 Nvidia geforce_gtx_760
43 Nvidia geforce_gtx_760_ti
44 Nvidia geforce_gtx_770
45 Nvidia geforce_gtx_780
46 Nvidia geforce_gtx_780_ti
47 Nvidia geforce_gtx_950
48 Nvidia geforce_gtx_960
49 Nvidia geforce_gtx_970
50 Nvidia geforce_gtx_980
51 Nvidia geforce_gtx_titan_x
52 Nvidia geforce_rtx_2060
53 Nvidia geforce_rtx_2060_super
54 Nvidia geforce_rtx_2070
55 Nvidia geforce_rtx_2070_super
56 Nvidia geforce_rtx_2080
57 Nvidia geforce_rtx_2080_super
58 Nvidia geforce_rtx_2080_ti
59 Nvidia gtx_titan
60 Nvidia gtx_titan_black
61 Nvidia gtx_titan_z
62 Nvidia jetson_agx_xavier_16gb
63 Nvidia jetson_agx_xavier_32gb
64 Nvidia jetson_agx_xavier_8gb
65 Nvidia jetson_nano
66 Nvidia jetson_tx1
67 Nvidia jetson_tx2
68 Nvidia jetson_tx2_4gb
69 Nvidia jetson_tx2_nx
70 Nvidia jetson_tx2i
71 Nvidia jetson_xavier_nx
72 Nvidia nvidia_hgx-2
73 Nvidia nvidia_t1000
74 Nvidia nvidia_t2000
75 Nvidia nvidia_t4
76 Nvidia nvidia_t400
77 Nvidia nvidia_t600
78 Nvidia quadro_gv100
79 Nvidia quadro_m1000m
80 Nvidia quadro_m1200
81 Nvidia quadro_m2000
82 Nvidia quadro_m2000m
83 Nvidia quadro_m2200
84 Nvidia quadro_m3000m
85 Nvidia quadro_m4000
86 Nvidia quadro_m4000m
87 Nvidia quadro_m5000
88 Nvidia quadro_m5000m
89 Nvidia quadro_m500m
90 Nvidia quadro_m520
91 Nvidia quadro_m5500
92 Nvidia quadro_m6000
93 Nvidia quadro_m600m
94 Nvidia quadro_m620
95 Nvidia quadro_p1000
96 Nvidia quadro_p2000
97 Nvidia quadro_p2200
98 Nvidia quadro_p3000
99 Nvidia quadro_p3200
100 Nvidia quadro_p400
101 Nvidia quadro_p4000
102 Nvidia quadro_p4200
103 Nvidia quadro_p500
104 Nvidia quadro_p5000
105 Nvidia quadro_p520
106 Nvidia quadro_p5200
107 Nvidia quadro_p600
108 Nvidia quadro_p6000
109 Nvidia quadro_p620
110 Nvidia quadro_rtx_3000
111 Nvidia quadro_rtx_4000
112 Nvidia quadro_rtx_5000
113 Nvidia quadro_rtx_6000
114 Nvidia quadro_rtx_8000
115 Nvidia quadro_t1000
116 Nvidia quadro_t2000
117 Nvidia quadro_t400
118 Nvidia quadro_t600
119 Nvidia shield_tv
120 Nvidia shield_tv_pro
121 Nvidia tesla_m10
122 Nvidia tesla_m4
123 Nvidia tesla_m40
124 Nvidia tesla_m6
125 Nvidia tesla_m60
126 Nvidia tesla_p100
127 Nvidia tesla_p4
128 Nvidia tesla_p40
129 Nvidia tesla_p6
130 Nvidia tesla_v100
131 Nvidia tesla_v100s
132 Nvidia titan_rtx
133 Nvidia titan_v
134 Nvidia titan_x
135 Nvidia titan_xp
1 Linux linux_kernel
1 Microsoft windows
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2021-23219.

URL Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5263 Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5263 Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2021-23219 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2021-23219 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://nvidia.custhelp.com/app/answers/detail/a_id/5263
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Reanalysis by [email protected]

    Feb. 24, 2022

    Action Type Old Value New Value
  • Modified Analysis by [email protected]

    Feb. 09, 2022

    Action Type Old Value New Value
    Removed CVSS V2 NIST (AV:L/AC:L/Au:N/C:P/I:N/A:N)
    Added CVSS V2 NIST (AV:L/AC:M/Au:N/C:P/I:N/A:N)
    Removed CVSS V3.1 NIST AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
    Added CVSS V3.1 NIST AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
  • CVE Modified by [email protected]

    Feb. 08, 2022

    Action Type Old Value New Value
    Changed Description NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access protected information, which may lead to information disclosure. NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and loading vulnerable microcode. Such an attack may lead to information disclosure.
  • Initial Analysis by [email protected]

    Nov. 24, 2021

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:L/AC:L/Au:N/C:P/I:N/A:N)
    Added CVSS V3.1 NIST AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
    Changed Reference Type https://nvidia.custhelp.com/app/answers/detail/a_id/5263 No Types Assigned https://nvidia.custhelp.com/app/answers/detail/a_id/5263 Vendor Advisory
    Added CWE NIST NVD-CWE-noinfo
    Added CPE Configuration AND OR *cpe:2.3:h:nvidia:dgx-1_p100:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:dgx-1_v100:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:dgx-2:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:dgx_station_a100:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:drive_constellation:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_605:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_610:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_620:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_625:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_630:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_635:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_640:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_705:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_720:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gt_740:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_1050_ti:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_1070_ti:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_1080_ti:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_1650:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_1650_super:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_1660:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_1660_super:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_1660_ti:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_645:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_650:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_650_ti:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_650_ti_boost:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_660:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_660_ti:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_670:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_680:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_690:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_745:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_750:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_750_ti:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_760:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_760_ti:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_770:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_780:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_780_ti:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_950:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_960:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_970:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_980:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_gtx_titan_x:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_rtx_2060:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_rtx_2060_super:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_rtx_2070:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_rtx_2070_super:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_rtx_2080:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_rtx_2080_super:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:geforce_rtx_2080_ti:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:gtx_titan:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:gtx_titan_black:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:gtx_titan_z:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_nano:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_nano:-:*:-:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_nano:-:*:developer_kit:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_tx2_4gb:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_tx2i:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:developer_kit:*:*:*:*:* *cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:production:*:*:*:*:* *cpe:2.3:h:nvidia:nvidia_hgx-2:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:nvidia_t1000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:nvidia_t2000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:nvidia_t4:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:nvidia_t400:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:nvidia_t600:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_gv100:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m1200:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m2200:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m520:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_m620:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p1000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p2000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p2200:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p3000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p3200:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p400:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p4000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p4200:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p500:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p5000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p520:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p5200:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p600:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p6000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_p620:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_rtx_3000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_rtx_4000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_rtx_5000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_rtx_6000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_rtx_8000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_t1000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_t2000:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_t400:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:quadro_t600:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:shield_tv:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:shield_tv_pro:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_m10:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_m4:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_m40:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_m6:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_m60:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_p100:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_p4:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_p40:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_p6:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_v100:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:tesla_v100s:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:titan_rtx:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:titan_v:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:titan_x:-:*:*:*:*:*:*:* *cpe:2.3:h:nvidia:titan_xp:-:*:*:*:*:*:*:* OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2021-23219 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2021-23219 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.04 }} 0.00%

score

0.10296

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability