7.7

CVE-2021-34374

Trusty contains a vulnerability in command handlers where the length of input buffers is not verified. This vulnerability can cause memory corruption, which may lead to information disclosure, escalation of privileges, and denial of service.

Data is provided by the National Vulnerability Database (NVD)
NvidiaJetson Linux Version < 32.5.1
   NvidiaJetson Agx Xavier 16gb Version-
   NvidiaJetson Agx Xavier 32gb Version-
   NvidiaJetson Agx Xavier 8gb Version-
   NvidiaJetson Tx2 Version-
   NvidiaJetson Tx2 4gb Version-
   NvidiaJetson Tx2 Nx Version-
   NvidiaJetson Tx2i Version-
   NvidiaJetson Xavier Nx Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.06% 0.16
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
psirt@nvidia.com 7.7 1.1 6
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.