CVE-2021-1071

NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to information disclosure.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5147	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nvidia:linux_for_tegra:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:nvidia:jetson_agx_xavier:-:::::::*
	cpe:2.3:h:nvidia:jetson_nano:-:::::::*
	cpe:2.3:h:nvidia:jetson_nano_2gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx1:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx2:-:::::::*
	cpe:2.3:h:nvidia:jetson_xavier_nx:-:::::::*

History

No history.

Information

Published : 2021-01-26 22:15

Updated : 2024-02-28 18:08

NVD link : CVE-2021-1071

Mitre link : CVE-2021-1071

CVE.ORG link : CVE-2021-1071

JSON object : View

Products Affected

nvidia

linux_for_tegra
jetson_tx2
jetson_agx_xavier
jetson_xavier_nx
jetson_nano
jetson_nano_2gb
jetson_tx1

CWE

NVD-CWE-Other

{"id": "CVE-2021-1071", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.1}]}, "published": "2021-01-26T22:15:12.107", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5147", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to information disclosure."}, {"lang": "es", "value": "El kernel de NVIDIA Tegra en Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano y Nano 2GB, todas las versiones L4T anteriores a r32.5, contiene una vulnerabilidad en el controlador INA3221 en la que un control de acceso inapropiado puede conllevar a usuarios no autorizados a conseguir acceso a los datos de uso de energ\u00eda del sistema, lo que puede conllevar a una divulgaci\u00f3n de informaci\u00f3n"}], "lastModified": "2021-02-04T16:10:28.553", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:linux_for_tegra:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B53AC0D9-2453-4E98-BA1D-029C04EB720A", "versionEndExcluding": "r32.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5DD3D2AA-2A9F-470D-BB0F-A7B7C2EC2490"}, {"criteria": "cpe:2.3:h:nvidia:jetson_nano:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B2B041F-21A8-4F0B-BBAF-7CDD8B911547"}, {"criteria": "cpe:2.3:h:nvidia:jetson_nano_2gb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "52E153CA-BE89-4C66-8B72-8901BF592423"}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "86D1FDAD-C594-43D9-9BF6-F7461177AB91"}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE9D4A55-A232-4AF2-B7E9-CD58D7D17479"}, {"criteria": "cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B0AA5976-FD71-4A53-BD4F-D342E871FEB0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}