Skip to main content

Jetson Linux CVE-2021-34385

MEDIUM
Integer Overflow or Wraparound (CWE-190)
2021-06-30 psirt@nvidia.com
6.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 30, 2021 - 11:15 nvd
MEDIUM 6.7

DescriptionNVD

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calculation of a length could lead to a heap overflow.

AnalysisAI

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calculation of a length could lead to a heap overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calculation of a length could lead to a heap overflow. Affected products include: Nvidia Jetson Linux.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

CVE-2024-0108 HIGH
8.8 Aug 08

NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean u

CVE-2022-42269 HIGH
7.9 Dec 30

NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a

CVE-2022-42270 HIGH
7.8 Dec 30

NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a loca

CVE-2021-1107 HIGH
7.8 Aug 11

NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access control

CVE-2021-1106 HIGH
7.8 Aug 11

NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, wh

CVE-2021-34384 HIGH
7.8 Jun 30

Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow could cause memory corruption, which m

CVE-2021-34382 HIGH
7.8 Jun 30

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel’s tz_map_shared_mem function where an integer overflow on t

CVE-2021-34381 HIGH
7.8 Jun 30

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of

CVE-2021-34380 HIGH
7.8 Jun 30

Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metad

CVE-2021-34372 HIGH
7.8 Jun 22

Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol

CVE-2021-34388 HIGH
7.8 Jun 21

Bootloader contains a vulnerability in NVIDIA TegraBoot where a potential heap overflow might allow an attacker to contr

CVE-2022-21819 HIGH
7.6 Mar 11

NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unpr

Share

CVE-2021-34385 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy