Skip to main content

Jetson Linux CVE-2021-34378

MEDIUM
Buffer Overflow (CWE-119)
2021-06-30 psirt@nvidia.com
6.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 30, 2021 - 11:15 nvd
MEDIUM 6.7

DescriptionNVD

Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 11 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to information disclosure, denial of service, or escalation of privileges.

AnalysisAI

Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 11 is missing. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 11 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to information disclosure, denial of service, or escalation of privileges. Affected products include: Nvidia Jetson Linux.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2024-0108 HIGH
8.8 Aug 08

NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean u

CVE-2022-42269 HIGH
7.9 Dec 30

NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a

CVE-2022-42270 HIGH
7.8 Dec 30

NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a loca

CVE-2021-1107 HIGH
7.8 Aug 11

NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access control

CVE-2021-1106 HIGH
7.8 Aug 11

NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, wh

CVE-2021-34384 HIGH
7.8 Jun 30

Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow could cause memory corruption, which m

CVE-2021-34382 HIGH
7.8 Jun 30

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel’s tz_map_shared_mem function where an integer overflow on t

CVE-2021-34381 HIGH
7.8 Jun 30

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of

CVE-2021-34380 HIGH
7.8 Jun 30

Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metad

CVE-2021-34372 HIGH
7.8 Jun 22

Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol

CVE-2021-34388 HIGH
7.8 Jun 21

Bootloader contains a vulnerability in NVIDIA TegraBoot where a potential heap overflow might allow an attacker to contr

CVE-2022-21819 HIGH
7.6 Mar 11

NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unpr

Share

CVE-2021-34378 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy