Rewterz Threat Advisory – Multiple NVIDIA GPU and Tegra Hardware Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-34400

NVIDIA GPU and Tegra Hardware could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the internal microcontroller. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2021-1088

NVIDIA GPU and Tegra Hardware could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the internal microcontroller. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2021-1105

NVIDIA GPU and Tegra Hardware could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the internal microcontroller. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2021-1125

NVIDIA GPU and Tegra Hardware could allow a local authenticated attacker to bypass security restrictions, caused by a flaw in the internal microcontroller. By executing a specially-crafted program, an attacker could exploit this vulnerability to corrupt program data.

CVE-2021-23217

NVIDIA GPU and Tegra Hardware could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in the internal microcontroller. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-23201

NVIDIA GPU and Tegra Hardware could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the internal microcontroller. By executing a specially-crafted program, an attacker could exploit this vulnerability to cause information disclosure, data corruption, or denial of service of the device.

CVE-2021-23219

NVIDIA GPU and Tegra Hardware could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the internal microcontroller. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2021-34399

NVIDIA GPU and Tegra Hardware could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the internal microcontroller. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information.

Impact

Information Disclosure
Security Bypass
Code Execution

Affected Vendors

NVIDIA

Affected Products

NVIDIA vGPU Software 8.8
NVIDIA vGPU Software 11.5
NVIDIA vGPU Software 12.3
NVIDIA vGPU Software 13.0

Remediation

Refer to NVIDIA Security Advisory for patch, upgrade, or suggested workaround information.

https://nvidia.custhelp.com/app/answers/detail/a_id/5263

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Squirrelwaffle Exploits ProxyLogon and ProxyShell Infect Systems

Rewterz Threat Advisory – CVE-2021-38681 – QNAP NAS Vulnerability