Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-1111

Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited information disclosure, limited data integrity, and denial of service across all components.

Published

2021-08-11T22:15:08.327

Last Modified

2024-11-21T05:43:37.157

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-119
Type: Primary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	nvidia	jetson_linux	< 32.6.1	Yes
Hardware	nvidia	jetson_agx_xavier	-	No
Hardware	nvidia	jetson_tx2	-	No
Hardware	nvidia	jetson_tx2_nx	-	No
Hardware	nvidia	jetson_xavier_nx	-	No

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5216 Vendor Advisory ([email protected])
https://nvidia.custhelp.com/app/answers/detail/a_id/5216 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)