Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX by NVIDIA

    CVE-2021-34397 (GCVE-0-2021-34397)

    Vulnerability from nvd – Published: 2021-06-22 21:25 – Updated: 2024-08-04 00:12
    VLAI
    Summary
    Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service.
    CWE
    • denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX Affected: All Jetson Linux versions prior to r32.5.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:49.915Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Jetson Linux versions prior to r32.5.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-22T21:25:33.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-34397",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Jetson Linux versions prior to r32.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-34397",
        "datePublished": "2021-06-22T21:25:33.000Z",
        "dateReserved": "2021-06-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:12:49.915Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34394 (GCVE-0-2021-34394)

    Vulnerability from nvd – Published: 2021-06-22 21:25 – Updated: 2024-08-04 00:12
    VLAI
    Summary
    Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to cause the buffer overflow, which may lead to information disclosure and data modification.
    CWE
    • denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX Affected: All Jetson Linux versions prior to r32.5.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:50.176Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Jetson Linux versions prior to  r32.5.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to cause the buffer overflow, which may lead to information disclosure and data modification."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T22:50:48.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-34394",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Jetson Linux versions prior to  r32.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to cause the buffer overflow, which may lead to information disclosure and data modification."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-34394",
        "datePublished": "2021-06-22T21:25:29.000Z",
        "dateReserved": "2021-06-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:12:50.176Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34393 (GCVE-0-2021-34393)

    Vulnerability from nvd – Published: 2021-06-22 21:25 – Updated: 2024-08-04 00:12
    VLAI
    Summary
    Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.
    CWE
    • information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX Affected: All Jetson Linux versions prior to r32.5.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:50.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Jetson Linux versions prior to r32.5.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-22T21:25:27.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-34393",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Jetson Linux versions prior to r32.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-34393",
        "datePublished": "2021-06-22T21:25:27.000Z",
        "dateReserved": "2021-06-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:12:50.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34372 (GCVE-0-2021-34372)

    Vulnerability from nvd – Published: 2021-06-22 21:25 – Updated: 2024-08-04 00:12
    VLAI
    Summary
    Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service.
    CWE
    • information disclosure, escalation of privileges, denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX Affected: All Jetson Linux versions prior to r32.5.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:49.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Jetson Linux versions prior to r32.5.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information disclosure, escalation of privileges, denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-22T21:25:21.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-34372",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Jetson Linux versions prior to r32.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "information disclosure, escalation of privileges, denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-34372",
        "datePublished": "2021-06-22T21:25:21.000Z",
        "dateReserved": "2021-06-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:12:49.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34397 (GCVE-0-2021-34397)

    Vulnerability from cvelistv5 – Published: 2021-06-22 21:25 – Updated: 2024-08-04 00:12
    VLAI
    Summary
    Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service.
    CWE
    • denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX Affected: All Jetson Linux versions prior to r32.5.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:49.915Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Jetson Linux versions prior to r32.5.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-22T21:25:33.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-34397",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Jetson Linux versions prior to r32.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-34397",
        "datePublished": "2021-06-22T21:25:33.000Z",
        "dateReserved": "2021-06-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:12:49.915Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34394 (GCVE-0-2021-34394)

    Vulnerability from cvelistv5 – Published: 2021-06-22 21:25 – Updated: 2024-08-04 00:12
    VLAI
    Summary
    Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to cause the buffer overflow, which may lead to information disclosure and data modification.
    CWE
    • denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX Affected: All Jetson Linux versions prior to r32.5.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:50.176Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Jetson Linux versions prior to  r32.5.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to cause the buffer overflow, which may lead to information disclosure and data modification."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T22:50:48.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-34394",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Jetson Linux versions prior to  r32.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to cause the buffer overflow, which may lead to information disclosure and data modification."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-34394",
        "datePublished": "2021-06-22T21:25:29.000Z",
        "dateReserved": "2021-06-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:12:50.176Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34393 (GCVE-0-2021-34393)

    Vulnerability from cvelistv5 – Published: 2021-06-22 21:25 – Updated: 2024-08-04 00:12
    VLAI
    Summary
    Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.
    CWE
    • information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX Affected: All Jetson Linux versions prior to r32.5.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:50.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Jetson Linux versions prior to r32.5.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-22T21:25:27.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-34393",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Jetson Linux versions prior to r32.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-34393",
        "datePublished": "2021-06-22T21:25:27.000Z",
        "dateReserved": "2021-06-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:12:50.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34372 (GCVE-0-2021-34372)

    Vulnerability from cvelistv5 – Published: 2021-06-22 21:25 – Updated: 2024-08-04 00:12
    VLAI
    Summary
    Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service.
    CWE
    • information disclosure, escalation of privileges, denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX Affected: All Jetson Linux versions prior to r32.5.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:49.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Jetson Linux versions prior to r32.5.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information disclosure, escalation of privileges, denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-22T21:25:21.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-34372",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Jetson Linux versions prior to r32.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "information disclosure, escalation of privileges, denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-34372",
        "datePublished": "2021-06-22T21:25:21.000Z",
        "dateReserved": "2021-06-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:12:49.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }