6.7
CVE-2021-34394
- EPSS 0.09%
- Published 22.06.2021 22:15:09
- Last modified 21.11.2024 06:10:18
- Source psirt@nvidia.com
- Teams watchlist Login
- Open Login
Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to cause the buffer overflow, which may lead to information disclosure and data modification.
Data is provided by the National Vulnerability Database (NVD)
Nvidia ≫ Jetson Linux Version < 32.5.1
Nvidia ≫ Jetson Agx Xavier 16gb Version-
Nvidia ≫ Jetson Agx Xavier 32gb Version-
Nvidia ≫ Jetson Agx Xavier 8gb Version-
Nvidia ≫ Jetson Tx2 Version-
Nvidia ≫ Jetson Tx2 4gb Version-
Nvidia ≫ Jetson Tx2 Nx Version-
Nvidia ≫ Jetson Tx2i Version-
Nvidia ≫ Jetson Xavier Nx Version- Editiondeveloper_kit
Nvidia ≫ Jetson Xavier Nx Version- Editionproduction
Nvidia ≫ Jetson Agx Xavier 32gb Version-
Nvidia ≫ Jetson Agx Xavier 8gb Version-
Nvidia ≫ Jetson Tx2 Version-
Nvidia ≫ Jetson Tx2 4gb Version-
Nvidia ≫ Jetson Tx2 Nx Version-
Nvidia ≫ Jetson Tx2i Version-
Nvidia ≫ Jetson Xavier Nx Version- Editiondeveloper_kit
Nvidia ≫ Jetson Xavier Nx Version- Editionproduction
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.229 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
| psirt@nvidia.com | 4.2 | 0.6 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.