CVE-2021-34372

Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service.

CVSS v3 7.8 HIGH
CVSS v2.0 4.6 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5205	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_nano:-::-:::::
	cpe:2.3:h:nvidia:jetson_nano:-::developer_kit:::::
	cpe:2.3:h:nvidia:jetson_nano_2gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx1:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx2:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx2_4gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx2_nx:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx2i:-:::::::*
	cpe:2.3:h:nvidia:jetson_xavier_nx:-::developer_kit:::::
	cpe:2.3:h:nvidia:jetson_xavier_nx:-::production:::::

History

No history.

Information

Published : 2021-06-22 22:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-34372

Mitre link : CVE-2021-34372

CVE.ORG link : CVE-2021-34372

JSON object : View

Products Affected

nvidia

jetson_tx2
jetson_linux
jetson_tx2i
jetson_agx_xavier_8gb
jetson_agx_xavier_16gb
jetson_xavier_nx
jetson_agx_xavier_32gb
jetson_nano
jetson_nano_2gb
jetson_tx2_4gb
jetson_tx2_nx
jetson_tx1

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2021-34372", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.5}]}, "published": "2021-06-22T22:15:08.947", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service."}, {"lang": "es", "value": "El controlador Trusty (el Sistema Operativo confiable producido por NVIDIA para los dispositivos Jetson) contiene una vulnerabilidad en el c\u00f3digo de an\u00e1lisis de mensajes del protocolo OTE de NVIDIA en la que un desbordamiento de enteros en el c\u00e1lculo del tama\u00f1o de malloc() conlleva un desbordamiento del b\u00fafer en la pila, que puede resultar en una divulgaci\u00f3n de informaci\u00f3n, escalada de privilegios y una denegaci\u00f3n de servicio"}], "lastModified": "2021-06-29T19:37:04.270", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8941F71-0292-414E-AEA5-DD55EA3C2009", "versionEndExcluding": "32.5.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E0E081CB-B6EC-42DC-BA04-BCA13C17D190"}, {"criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4F92D471-8E65-41FC-A5DE-255136F6F989"}, {"criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E29459F7-997A-4B87-9164-6E3B5158ADC3"}, {"criteria": "cpe:2.3:h:nvidia:jetson_nano:-:*:-:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9244F123-8518-4D81-AD26-5695F27F413B"}, {"criteria": "cpe:2.3:h:nvidia:jetson_nano:-:*:developer_kit:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "80BF53A0-8FDF-4827-9C00-ED082C4A68C7"}, {"criteria": "cpe:2.3:h:nvidia:jetson_nano_2gb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "52E153CA-BE89-4C66-8B72-8901BF592423"}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "86D1FDAD-C594-43D9-9BF6-F7461177AB91"}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE9D4A55-A232-4AF2-B7E9-CD58D7D17479"}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx2_4gb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "71994F94-5279-4107-99F5-48990AE0C686"}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "64C3FB58-08AA-4FE4-97BE-21B254BA229F"}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx2i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5DF55ABB-1B4F-452E-9D84-C01A638F88A0"}, {"criteria": "cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:developer_kit:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3E54B955-F0E2-44BD-9B8C-3C788BBCF2A9"}, {"criteria": "cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:production:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3E0C93C3-26F6-48E4-BADA-4DB05A7BA9D1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}