Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-1070

NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an unprivileged user being able to modify system device tree files, leading to denial of service.

Published

2021-01-26T22:15:12.043

Last Modified

2024-11-21T05:43:32.257

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

4.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	nvidia	linux_for_tegra	< r32.5	Yes
Hardware	nvidia	jetson_agx_xavier	-	No
Hardware	nvidia	jetson_nano	-	No
Hardware	nvidia	jetson_nano_2gb	-	No
Hardware	nvidia	jetson_tx1	-	No
Hardware	nvidia	jetson_tx2	-	No
Hardware	nvidia	jetson_xavier_nx	-	No

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5147 Vendor Advisory ([email protected])
https://nvidia.custhelp.com/app/answers/detail/a_id/5147 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)