5
CVE-2021-34389
- EPSS 0.26%
- Veröffentlicht 21.06.2021 22:15:07
- Zuletzt bearbeitet 21.11.2024 06:10:17
- Quelle psirt@nvidia.com
- CVE-Watchlists
- Unerledigt
Trusty contains a vulnerability in NVIDIA OTE protocol message parsing code, which is present in all the TAs. An incorrect bounds check can allow a local user through a malicious client to access memory from the heap in the TrustZone, which may lead to information disclosure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nvidia ≫ Jetson Linux Version < 32.5.1
Nvidia ≫ Jetson Agx Xavier 16gb Version-
Nvidia ≫ Jetson Agx Xavier 32gb Version-
Nvidia ≫ Jetson Agx Xavier 8gb Version-
Nvidia ≫ Jetson Tx2 Version-
Nvidia ≫ Jetson Tx2 4gb Version-
Nvidia ≫ Jetson Tx2 Nx Version-
Nvidia ≫ Jetson Tx2i Version-
Nvidia ≫ Jetson Xavier Nx Version- Editiondeveloper_kit
Nvidia ≫ Jetson Xavier Nx Version- Editionproduction
Nvidia ≫ Jetson Agx Xavier 32gb Version-
Nvidia ≫ Jetson Agx Xavier 8gb Version-
Nvidia ≫ Jetson Tx2 Version-
Nvidia ≫ Jetson Tx2 4gb Version-
Nvidia ≫ Jetson Tx2 Nx Version-
Nvidia ≫ Jetson Tx2i Version-
Nvidia ≫ Jetson Xavier Nx Version- Editiondeveloper_kit
Nvidia ≫ Jetson Xavier Nx Version- Editionproduction
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.167 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 1.3 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 1.9 | 3.4 | 2.9 |
AV:L/AC:M/Au:N/C:P/I:N/A:N
|
| psirt@nvidia.com | 5 | 1.3 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://nvidia.custhelp.com/app/answers/detail/a_id/5205