Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-34394

Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to cause the buffer overflow, which may lead to information disclosure and data modification.

Published

2021-06-22T22:15:09.277

Last Modified

2024-11-21T06:10:18.440

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.2 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-502

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	nvidia	jetson_linux	< 32.5.1	Yes
Hardware	nvidia	jetson_agx_xavier_16gb	-	No
Hardware	nvidia	jetson_agx_xavier_32gb	-	No
Hardware	nvidia	jetson_agx_xavier_8gb	-	No
Hardware	nvidia	jetson_tx2	-	No
Hardware	nvidia	jetson_tx2_4gb	-	No
Hardware	nvidia	jetson_tx2_nx	-	No
Hardware	nvidia	jetson_tx2i	-	No
Hardware	nvidia	jetson_xavier_nx	-	No
Hardware	nvidia	jetson_xavier_nx	-	No

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5205 Vendor Advisory ([email protected])
https://nvidia.custhelp.com/app/answers/detail/a_id/5205 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)