Multiple vulnerabilities in several NVIDIA products



Published: 2021-06-21
Risk: Low
Patch available: YES
Number of vulnerabilities: 26
CVE-ID: CVE-2021-34372, CVE-2021-34386, CVE-2021-34397, CVE-2021-34396, CVE-2021-34395, CVE-2021-34394, CVE-2021-34393, CVE-2021-34392, CVE-2021-34391, CVE-2021-34390, CVE-2021-34389, CVE-2021-34388, CVE-2021-34387, CVE-2021-34385, CVE-2021-34373, CVE-2021-34384, CVE-2021-34383, CVE-2021-34382, CVE-2021-34381, CVE-2021-34380, CVE-2021-34379, CVE-2021-34378, CVE-2021-34377, CVE-2021-34376, CVE-2021-34375, CVE-2021-34374
CWE-ID: CWE-190, CWE-20, CWE-284, CWE-502, CWE-125, CWE-122, CWE-119, CWE-121
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
Jetson TX1
Hardware solutions / Firmware

Jetson TX2 series
Hardware solutions / Firmware

Jetson TX2 NX
Hardware solutions / Firmware

Jetson AGX Xavier series
Hardware solutions / Firmware

Jetson Xavier NX
Hardware solutions / Firmware

Jetson Nano
Hardware solutions / Firmware

Jetson Nano 2GB
Hardware solutions / Firmware

Vendor

Security Bulletin

This security bulletin contains information about 26 vulnerabilities.

1) Integer overflow

EUVDB-ID: #VU54258

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34372

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow within the Trusty driver in the NVIDIA OTE protocol message parsing code. A local user can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Integer overflow

EUVDB-ID: #VU54272

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34386

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in the NVIDIA TLK kernel in the "calloc" size calculation. A local administrator can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
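The class of defect behind a "calloc" size-calculation overflow, shown as an added example that is not NVIDIA's TLK code: the element count multiplied by the element size wraps around, so the allocator hands back a block far smaller than the caller believes it owns. The arena, `calloc_unchecked` and `calloc_checked` are hypothetical names, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 4096u /* constructed: small fixed heap for the demo */

/* Hypothetical byte-granular bump allocator standing in for a kernel heap. */
struct arena {
    unsigned char mem[ARENA_SIZE];
    size_t used;
};

static void *arena_alloc(struct arena *a, size_t n)
{
    if (n > ARENA_SIZE - a->used)
        return NULL; /* not enough room left */
    void *p = a->mem + a->used;
    a->used += n;
    return p;
}

/* BEFORE: nmemb * size is computed in size_t and silently wraps (CWE-190).
 * The block that is granted can be much smaller than nmemb elements. */
static void *calloc_unchecked(struct arena *a, size_t nmemb, size_t size,
                              size_t *granted)
{
    size_t total = nmemb * size; /* may wrap modulo SIZE_MAX + 1 */
    void *p = arena_alloc(a, total);
    *granted = 0;
    if (p != NULL) {
        memset(p, 0, total);
        *granted = total;
    }
    return p;
}

/* AFTER: reject the request when the product cannot be represented. */
static void *calloc_checked(struct arena *a, size_t nmemb, size_t size,
                            size_t *granted)
{
    *granted = 0;
    if (size != 0 && nmemb > SIZE_MAX / size)
        return NULL; /* nmemb * size would overflow size_t */
    size_t total = nmemb * size;
    void *p = arena_alloc(a, total);
    if (p != NULL) {
        memset(p, 0, total);
        *granted = total;
    }
    return p;
}

/* Helpers: bytes actually granted for a request, 0 if it was refused. */
size_t granted_unchecked(size_t nmemb, size_t size)
{
    struct arena a;
    size_t g;
    a.used = 0;
    calloc_unchecked(&a, nmemb, size, &g);
    return g;
}

size_t granted_checked(size_t nmemb, size_t size)
{
    struct arena a;
    size_t g;
    a.used = 0;
    calloc_checked(&a, nmemb, size, &g);
    return g;
}

int main(void)
{
    /* Constructed request: (SIZE_MAX / 16 + 2) elements of 16 bytes.
     * The true product exceeds SIZE_MAX by 16, so it wraps to 16. */
    size_t nmemb = SIZE_MAX / 16 + 2;
    size_t size = 16;

    printf("unchecked: granted %zu bytes for %zu x %zu\n",
           granted_unchecked(nmemb, size), nmemb, size);
    printf("checked:   granted %zu bytes for %zu x %zu\n",
           granted_checked(nmemb, size), nmemb, size);
    printf("checked:   granted %zu bytes for 4 x 16\n",
           granted_checked(4, 16));
    return 0;
}
```

Any later code that indexes the block by `nmemb` runs past the 16 bytes the unchecked version granted, which is how a size-calculation overflow turns into memory corruption.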

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU54283

Risk: Low

CVSSv3.1: 1.7 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34397

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in NVIDIA MB2. A local administrator can cause a free-the-wrong-heap condition, leading to limited denial of service.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper access control

EUVDB-ID: #VU54282

Risk: Low

CVSSv3.1: 2.6 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34396

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the bootloader. A local administrator can overwrite NVIDIA MB2 code and cause a denial of service (DoS) condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper access control

EUVDB-ID: #VU54281

Risk: Low

CVSSv3.1: 3.4 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34395

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in Trusty TLK. A local administrator can bypass implemented security restrictions, leading to limited information disclosure and limited denial of service.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Deserialization of Untrusted Data

EUVDB-ID: #VU54280

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34394

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in all trusted applications (TAs). A local administrator can pass specially crafted data to the application and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Deserialization of Untrusted Data

EUVDB-ID: #VU54279

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34393

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the TSEC TA. A local administrator can pass specially crafted data to the application and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Integer overflow

EUVDB-ID: #VU54278

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34392

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer overflow in the NVIDIA TLK kernel in the "tz_map_shared_mem" function. A local user can pass specially crafted data to the application, trigger an integer overflow and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Integer overflow

EUVDB-ID: #VU54277

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34391

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer overflow in the NVIDIA TLK kernel in the "tz_handle_trusted_app_smc" function. A local user can pass specially crafted data to the application, trigger an integer overflow and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Integer overflow

EUVDB-ID: #VU54276

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34390

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer overflow in the NVIDIA TLK kernel in the "tz_map_shared_mem" function. A local user can pass specially crafted data to the application, trigger an integer overflow and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

EUVDB-ID: #VU54275

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34389

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the NVIDIA OTE protocol message parsing code. A local user can trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Heap-based buffer overflow

EUVDB-ID: #VU54274

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34388

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to a boundary error within the bootloader in NVIDIA MB2. A local user can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper access control

EUVDB-ID: #VU54273

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34387

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in ARM TrustZone technology. A local administrator can gain write access to kernel code and data that is otherwise mapped read-only.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Integer overflow

EUVDB-ID: #VU54271

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34385

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in the NVIDIA TLK kernel. A local administrator can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Heap-based buffer overflow

EUVDB-ID: #VU54259

Risk: Low

CVSSv3.1: 6.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34373

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to a boundary error in the NVIDIA TLK kernel. A local administrator can pass specially crafted data to the application, trigger a heap-based buffer overflow and cause information disclosure and denial of service.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Heap-based buffer overflow

EUVDB-ID: #VU54270

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34384

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to a boundary error within the bootloader in NVIDIA MB2. A local user can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Heap-based buffer overflow

EUVDB-ID: #VU54269

Risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34383

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to a boundary error within the bootloader in NVIDIA MB2. A local administrator can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Integer overflow

EUVDB-ID: #VU54268

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34382

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow within the Trusty TLK in the "tz_map_shared_mem" function. A local user can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Integer overflow

EUVDB-ID: #VU54267

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34381

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow within the Trusty TLK in the "tz_map_shared_mem" function. A local user can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Heap-based buffer overflow

EUVDB-ID: #VU54266

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34380

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to a boundary error within the bootloader in NVIDIA MB2. A local user can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Buffer overflow

EUVDB-ID: #VU54265

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34379

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the HDCP service. A local administrator can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Buffer overflow

EUVDB-ID: #VU54264

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34378

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the HDCP service TA. A local administrator can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Buffer overflow

EUVDB-ID: #VU54263

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34377

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the HDCP service TA. A local administrator can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Buffer overflow

EUVDB-ID: #VU54262

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34376

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the HDCP service TA. A local administrator can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Stack-based buffer overflow

EUVDB-ID: #VU54261

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34375

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to a boundary error in all trusted applications (TAs). A local administrator can pass specially crafted data to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Buffer overflow

EUVDB-ID: #VU54260

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34374

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in command handlers. A local administrator can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson TX1: before 32.5.1

Jetson TX2 series: before 32.5.1

Jetson TX2 NX: before 32.5.1

Jetson AGX Xavier series: before 32.5.1

Jetson Xavier NX: before 32.5.1

Jetson Nano: before 32.5.1

Jetson Nano 2GB: before 32.5.1

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5205


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


