CVE-2021-23201

Q: What is the severity of CVE-2021-23201?

CVE-2021-23201 has a CVSS score of 7.5 (HIGH). This vulnerability in NVIDIA GPU and Tegra hardware allows an attacker with elevated privileges to generate and load malicious microcode on an internal microcontroller, potentially leading to information disclosure, data corruption, or denial of service. It affects systems using vulnerable NVIDIA hardware, particularly those where attackers have already gained privileged access.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability in NVIDIA GPU and Tegra hardware allows an attacker with elevated privileges to generate and load malicious microcode on an internal microcontroller, potentially leading to information disclosure, data corruption, or denial of service. It affects systems using vulnerable NVIDIA hardware, particularly those where attackers have already gained privileged access.

💻 Affected Systems

Products:

NVIDIA GPU hardware
NVIDIA Tegra hardware

Versions: Specific versions not detailed in advisory; refer to NVIDIA's security bulletin for exact models and firmware versions.

Operating Systems: All operating systems using affected NVIDIA hardware

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability is hardware-based and affects systems with the vulnerable microcontrollers; exploitation requires elevated privileges.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise, including permanent data corruption, denial of service, or unauthorized access to sensitive information stored on or processed by the GPU/Tegra hardware.

🟠

Likely Case

Local attackers with elevated privileges exploiting the vulnerability to cause data corruption or denial of service, disrupting GPU/Tegra functionality in targeted systems.

🟢

If Mitigated

Minimal impact if systems are patched and access controls limit privileged user accounts, reducing the attack surface to trusted insiders only.

🌐 Internet-Facing: LOW, as exploitation requires local elevated privileges, making remote attacks unlikely without prior compromise.

🏢 Internal Only: MEDIUM, as internal attackers with elevated access could exploit this to disrupt hardware operations or leak data in shared environments.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH, due to the need for deep hardware knowledge and elevated privileges to manipulate microcode.

No public exploits known; exploitation likely limited to sophisticated attackers with insider access or compromised systems.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check NVIDIA's security bulletin for specific firmware or driver updates; no single version listed in the provided references.

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5263

Restart Required: Yes

Instructions:

1. Review NVIDIA's security advisory for affected products. 2. Download and apply the latest firmware or driver updates from NVIDIA's official website. 3. Reboot the system to ensure changes take effect.

🔧 Temporary Workarounds

Restrict Privileged Access

all

Limit the number of users with elevated privileges to reduce the attack surface for local exploitation.

Use OS-specific tools (e.g., sudoers file on Linux, User Account Control on Windows) to manage admin rights.

🧯 If You Can't Patch

Isolate affected systems in segmented networks to limit potential lateral movement by attackers.
Monitor for unusual activity or privilege escalation attempts on systems with vulnerable hardware.

🔍 How to Verify

Check if Vulnerable:

Check the NVIDIA GPU or Tegra firmware version against the patched versions listed in NVIDIA's security advisory.

Check Version:

On Linux: 'nvidia-smi' for GPU info; on Windows: Check Device Manager or NVIDIA Control Panel for driver details.

Verify Fix Applied:

Confirm that the firmware or driver version has been updated to a patched release as specified by NVIDIA.

📡 Detection & Monitoring

Log Indicators:

Unusual privilege escalation logs
Failed or unauthorized firmware update attempts

Network Indicators:

Anomalous outbound traffic from systems with NVIDIA hardware, though exploitation is primarily local.

SIEM Query:

Example: search for events where user privilege changes coincide with access to hardware management tools on systems with NVIDIA GPUs/Tegra.

📊 Metadata

CVE ID: CVE-2021-23201

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Published: November 20, 2021

Last Updated: November 21, 2024

🔗 References

https://nvidia.custhelp.com/app/answers/detail/a_id/5263 Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5263 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Geforce Gtx 950 by Nvidia

Geforce Gtx 960 by Nvidia

Geforce Gtx 970 by Nvidia

Geforce Gtx 980 by Nvidia

Geforce Gtx Titan X by Nvidia

Jetson Nano by Nvidia

Jetson Nano by Nvidia

Jetson Nano by Nvidia

Jetson Tx1 by Nvidia

Quadro M1000m by Nvidia

Quadro M1200 by Nvidia

Quadro M2000 by Nvidia

Quadro M2000m by Nvidia

Quadro M2200 by Nvidia

Quadro M3000m by Nvidia

Quadro M4000 by Nvidia

Quadro M4000m by Nvidia

Quadro M5000 by Nvidia

Quadro M5000m by Nvidia

Quadro M500m by Nvidia

Quadro M520 by Nvidia

Quadro M5500 by Nvidia

Quadro M6000 by Nvidia

Quadro M600m by Nvidia

Quadro M620 by Nvidia

Shield Tv by Nvidia

Shield Tv Pro by Nvidia

Tesla M10 by Nvidia

Tesla M2050 by Nvidia

Tesla M2070 by Nvidia

Tesla M2070q by Nvidia

Tesla M2090 by Nvidia

Tesla M4 by Nvidia

Tesla M40 by Nvidia

Tesla M6 by Nvidia

Tesla M60 by Nvidia

Tesla P100 by Nvidia

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict Privileged Access

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export