8.2

CVE-2021-34372

Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service.

Data is provided by the National Vulnerability Database (NVD)
NvidiaJetson Linux Version < 32.5.1
   NvidiaJetson Agx Xavier 16gb Version-
   NvidiaJetson Agx Xavier 32gb Version-
   NvidiaJetson Agx Xavier 8gb Version-
   NvidiaJetson Nano Version- Edition-
   NvidiaJetson Nano Version- Editiondeveloper_kit
   NvidiaJetson Nano 2gb Version-
   NvidiaJetson Tx1 Version-
   NvidiaJetson Tx2 Version-
   NvidiaJetson Tx2 4gb Version-
   NvidiaJetson Tx2 Nx Version-
   NvidiaJetson Tx2i Version-
   NvidiaJetson Xavier Nx Version- Editiondeveloper_kit
   NvidiaJetson Xavier Nx Version- Editionproduction
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.08% 0.197
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
psirt@nvidia.com 8.2 1.5 6
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.