5

CVE-2021-34389

Trusty contains a vulnerability in NVIDIA OTE protocol message parsing code, which is present in all the TAs. An incorrect bounds check can allow a local user through a malicious client to access memory from the heap in the TrustZone, which may lead to information disclosure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NvidiaJetson Linux Version < 32.5.1
   NvidiaJetson Agx Xavier 16gb Version-
   NvidiaJetson Agx Xavier 32gb Version-
   NvidiaJetson Agx Xavier 8gb Version-
   NvidiaJetson Tx2 Version-
   NvidiaJetson Tx2 4gb Version-
   NvidiaJetson Tx2 Nx Version-
   NvidiaJetson Tx2i Version-
   NvidiaJetson Xavier Nx Version- Editiondeveloper_kit
   NvidiaJetson Xavier Nx Version- Editionproduction
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.167
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 1.3 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:P/I:N/A:N
psirt@nvidia.com 5 1.3 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://nvidia.custhelp.com/app/answers/detail/a_id/5205
Vendor Advisory