Security Notice: NVIDIA Tegra RCM Vulnerability

Answer ID 4660
Updated 04/24/2018 03:06 PM

NVIDIA'S response to the Tegra RCM issue


April 24, 2018

This notice is a response to recent publications on a security issue regarding NVIDIA Tegra Recovery Mode (RCM). A researcher indicates that a person with physical access to older Tegra-based processors could connect to the device's USB port, bypass the secure boot and execute unverified code.

This issue cannot be exploited remotely, even if the device is connected to the Internet. Rather, a person must have physical access to an affected processor’s USB connection to bypass the secure boot and run unverified code.

At this time, NVIDIA is not aware of any malicious compromise of Tegra-based devices.

NVIDIA Tegra X2, which was launched in 2016, and later Tegra systems on a chip (SOCs) such as Xavier, are not affected by this issue. NVIDIA GPUs are not affected.

NVIDIA takes security concerns seriously, and is actively evaluating this issue and conferring with partners.

Visit the NVIDIA Product Security page to

  • See future updates to this issue
  • Subscribe to security bulletin notifications
  • See the current list of NVIDIA security bulletins
  • Report a potential vulnerability in any NVIDIA supported product
  • Learn more about the vulnerability management process followed by the NVIDIA Product Security Incident Response Team (PSIRT)

Revision History

Revision Date Description
1.0 April 24, 2018 Initial release
Was this answer helpful?
Your rating has been submitted, please tell us how we can make this answer more useful.

LIVE CHAT

Chat online with one of our support agents

CHAT NOW

ASK US A QUESTION

Contact Support for assistance

CONTACT US