SB2021062106 - Multiple vulnerabilities in several NVIDIA products
Published: June 21, 2021
Description
This security bulletin contains information about 26 security vulnerabilities.
1) Integer overflow (CVE-ID: CVE-2021-34372)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the Trusty driver in the NVIDIA OTE protocol message parsing code. A local user can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
2) Integer overflow (CVE-ID: CVE-2021-34386)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the NVIDIA TLK kernel in the "calloc" size calculation. A local administrator can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Input validation error (CVE-ID: CVE-2021-34397)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in NVIDIA MB2. A local administrator can trigger a free-the-wrong-heap condition, leading to a limited denial of service.
4) Improper access control (CVE-ID: CVE-2021-34396)
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in Bootloader. A local administrator can overwrite NVIDIA MB2 code and cause a denial of service (DoS) condition.
5) Improper access control (CVE-ID: CVE-2021-34395)
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in Trusty TLK. A local administrator can bypass implemented security restrictions, leading to limited information disclosure and limited denial of service.
6) Deserialization of Untrusted Data (CVE-ID: CVE-2021-34394)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in all TAs. A local administrator can pass specially crafted data to the application and cause a denial of service condition on the target system.
7) Deserialization of Untrusted Data (CVE-ID: CVE-2021-34393)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in TSEC TA. A local administrator can pass specially crafted data to the application and gain access to sensitive information.
8) Integer overflow (CVE-ID: CVE-2021-34392)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in the NVIDIA TLK kernel in the "tz_map_shared_mem" function. A local user can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.
9) Integer overflow (CVE-ID: CVE-2021-34391)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in the NVIDIA TLK kernel in the "tz_handle_trusted_app_smc" function. A local user can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.
10) Integer overflow (CVE-ID: CVE-2021-34390)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in the NVIDIA TLK kernel in the "tz_map_shared_mem" function. A local user can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.
11) Out-of-bounds read (CVE-ID: CVE-2021-34389)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the NVIDIA OTE protocol message parsing code. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
12) Heap-based buffer overflow (CVE-ID: CVE-2021-34388)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to a boundary error within Bootloader in NVIDIA MB2. A local user can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
13) Improper access control (CVE-ID: CVE-2021-34387)
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the ARM TrustZone Technology. A local administrator can gain write access to kernel code and data that is otherwise mapped read only.
14) Integer overflow (CVE-ID: CVE-2021-34385)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the NVIDIA TLK kernel. A local administrator can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
15) Heap-based buffer overflow (CVE-ID: CVE-2021-34373)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to a boundary error in the NVIDIA TLK kernel. A local administrator can pass specially crafted data to the application, trigger heap-based buffer overflow and cause information disclosure and denial of service.
16) Heap-based buffer overflow (CVE-ID: CVE-2021-34384)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to a boundary error within Bootloader in NVIDIA MB2. A local user can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
17) Heap-based buffer overflow (CVE-ID: CVE-2021-34383)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to a boundary error within Bootloader in NVIDIA MB2. A local administrator can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
18) Integer overflow (CVE-ID: CVE-2021-34382)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the Trusty TLK in the "tz_map_shared_mem" function. A local user can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
19) Integer overflow (CVE-ID: CVE-2021-34381)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the Trusty TLK in the "tz_map_shared_mem" function. A local user can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
20) Heap-based buffer overflow (CVE-ID: CVE-2021-34380)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to a boundary error within Bootloader in NVIDIA MB2. A local user can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
21) Buffer overflow (CVE-ID: CVE-2021-34379)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the HDCP service. A local administrator can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
22) Buffer overflow (CVE-ID: CVE-2021-34378)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the HDCP service TA. A local administrator can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
23) Buffer overflow (CVE-ID: CVE-2021-34377)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the HDCP service TA. A local administrator can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
24) Buffer overflow (CVE-ID: CVE-2021-34376)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the HDCP service TA. A local administrator can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
25) Stack-based buffer overflow (CVE-ID: CVE-2021-34375)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to a boundary error in all trusted applications (TAs). A local administrator can pass specially crafted data to the application, trigger stack-based buffer overflow and execute arbitrary code on the target system.
26) Buffer overflow (CVE-ID: CVE-2021-34374)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in command handlers. A local administrator can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation
Install the update from the vendor's website.