Skip to main content

Jetson Linux CVE-2021-34372

HIGH
Integer Overflow or Wraparound (CWE-190)
2021-06-22 psirt@nvidia.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 22, 2021 - 22:15 nvd
HIGH 7.8

DescriptionNVD

Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service.

AnalysisAI

Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service. Affected products include: Nvidia Jetson Linux.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

CVE-2024-0108 HIGH
8.8 Aug 08

NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean u

CVE-2022-42269 HIGH
7.9 Dec 30

NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a

CVE-2022-42270 HIGH
7.8 Dec 30

NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a loca

CVE-2021-1107 HIGH
7.8 Aug 11

NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access control

CVE-2021-1106 HIGH
7.8 Aug 11

NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, wh

CVE-2021-34384 HIGH
7.8 Jun 30

Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow could cause memory corruption, which m

CVE-2021-34382 HIGH
7.8 Jun 30

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel’s tz_map_shared_mem function where an integer overflow on t

CVE-2021-34381 HIGH
7.8 Jun 30

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of

CVE-2021-34380 HIGH
7.8 Jun 30

Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metad

CVE-2021-34388 HIGH
7.8 Jun 21

Bootloader contains a vulnerability in NVIDIA TegraBoot where a potential heap overflow might allow an attacker to contr

CVE-2022-21819 HIGH
7.6 Mar 11

NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unpr

CVE-2021-1108 HIGH
7.3 Aug 11

NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack

Share

CVE-2021-34372 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy