Vulnerability-Lookup

CVE-2021-1109 (GCVE-0-2021-1109)

Vulnerability from cvelistv5 – Published: 2021-08-11 21:33 – Updated: 2024-08-03 15:55

Summary

NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams.

Severity ?

7.2 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H

CWE

data integrity, denial of service.

Assigner

nvidia

References

URL

Tags

https://nvidia.custhelp.com/app/answers/detail/a_…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	NVIDIA	Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX, Jetson Nano, Jetson Nano 2GB, Jetson TX1.	Affected: All Jetson Linux versions prior to r32.6.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:55:18.681Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5216"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX, Jetson Nano, Jetson Nano 2GB, Jetson TX1.",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All Jetson Linux versions prior to r32.6.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "data integrity, denial of service.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-11T21:33:02",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5216"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@nvidia.com",
          "ID": "CVE-2021-1109",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX, Jetson Nano, Jetson Nano 2GB, Jetson TX1.",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All Jetson Linux versions prior to r32.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "NVIDIA"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 7.2,
            "baseSeverity": "High",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "data integrity, denial of service."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5216",
              "refsource": "MISC",
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5216"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2021-1109",
    "datePublished": "2021-08-11T21:33:02",
    "dateReserved": "2020-11-12T00:00:00",
    "dateUpdated": "2024-08-03T15:55:18.681Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-1109\",\"sourceIdentifier\":\"psirt@nvidia.com\",\"published\":\"2021-08-11T22:15:08.193\",\"lastModified\":\"2024-11-21T05:43:36.923\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams.\"},{\"lang\":\"es\",\"value\":\"El firmware de la c\u00e1mara NVIDIA contiene una vulnerabilidad relacionada con la temporizaci\u00f3n en la que una modificaci\u00f3n no autorizada de recursos de la c\u00e1mara puede resultar en una p\u00e9rdida de la integridad de datos o una denegaci\u00f3n de servicio en varios flujos\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@nvidia.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.8},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:N/I:P/A:P\",\"baseScore\":3.3,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.4,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"32.1\",\"versionEndExcluding\":\"32.6.1\",\"matchCriteriaId\":\"9E69A431-2B5A-4718-BCD2-CA2D1077641B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:jetson_agx_xavier:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DD3D2AA-2A9F-470D-BB0F-A7B7C2EC2490\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:jetson_nano:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B2B041F-21A8-4F0B-BBAF-7CDD8B911547\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:jetson_nano_2gb:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52E153CA-BE89-4C66-8B72-8901BF592423\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86D1FDAD-C594-43D9-9BF6-F7461177AB91\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE9D4A55-A232-4AF2-B7E9-CD58D7D17479\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64C3FB58-08AA-4FE4-97BE-21B254BA229F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0AA5976-FD71-4A53-BD4F-D342E871FEB0\"}]}]}],\"references\":[{\"url\":\"https://nvidia.custhelp.com/app/answers/detail/a_id/5216\",\"source\":\"psirt@nvidia.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://nvidia.custhelp.com/app/answers/detail/a_id/5216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2021-102833

Vulnerability from cnvd - Published: 2021-12-28

Title

Jetson Linux资源管理错误漏洞

Description

Jetson Linux是一个应用软件。用于深度学习和计算机视觉的高性能、低功耗计算使其成为计算密集型项目的理想平台。 Jetson Linux存在资源管理错误漏洞，该漏洞源于对内部资源管理不当。攻击者可利用漏洞导致数据完整性丢失或跨多个流拒绝服务。

Severity

低

Patch Name

Jetson Linux资源管理错误漏洞的补丁

Patch Description

Jetson Linux是一个应用软件。用于深度学习和计算机视觉的高性能、低功耗计算使其成为计算密集型项目的理想平台。 Jetson Linux存在资源管理错误漏洞，该漏洞源于对内部资源管理不当。攻击者可利用漏洞导致数据完整性丢失或跨多个流拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://nvidia.custhelp.com/app/answers/detail/a_id/5216

Reference

https://nvidia.custhelp.com/app/answers/detail/a_id/5216

Impacted products

Name
NVIDIA Jetson Linux 32.*，<32.6.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-1109"
    }
  },
  "description": "Jetson Linux\u662f\u4e00\u4e2a\u5e94\u7528\u8f6f\u4ef6\u3002\u7528\u4e8e\u6df1\u5ea6\u5b66\u4e60\u548c\u8ba1\u7b97\u673a\u89c6\u89c9\u7684\u9ad8\u6027\u80fd\u3001\u4f4e\u529f\u8017\u8ba1\u7b97\u4f7f\u5176\u6210\u4e3a\u8ba1\u7b97\u5bc6\u96c6\u578b\u9879\u76ee\u7684\u7406\u60f3\u5e73\u53f0\u3002\n\nJetson Linux\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u5185\u90e8\u8d44\u6e90\u7ba1\u7406\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u6570\u636e\u5b8c\u6574\u6027\u4e22\u5931\u6216\u8de8\u591a\u4e2a\u6d41\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/5216",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-102833",
  "openTime": "2021-12-28",
  "patchDescription": "Jetson Linux\u662f\u4e00\u4e2a\u5e94\u7528\u8f6f\u4ef6\u3002\u7528\u4e8e\u6df1\u5ea6\u5b66\u4e60\u548c\u8ba1\u7b97\u673a\u89c6\u89c9\u7684\u9ad8\u6027\u80fd\u3001\u4f4e\u529f\u8017\u8ba1\u7b97\u4f7f\u5176\u6210\u4e3a\u8ba1\u7b97\u5bc6\u96c6\u578b\u9879\u76ee\u7684\u7406\u60f3\u5e73\u53f0\u3002\r\n\r\nJetson Linux\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u5185\u90e8\u8d44\u6e90\u7ba1\u7406\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u6570\u636e\u5b8c\u6574\u6027\u4e22\u5931\u6216\u8de8\u591a\u4e2a\u6d41\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Jetson Linux\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "NVIDIA Jetson Linux 32.*\uff0c\u003c32.6.1"
  },
  "referenceLink": "https://nvidia.custhelp.com/app/answers/detail/a_id/5216",
  "serverity": "\u4f4e",
  "submitTime": "2021-08-06",
  "title": "Jetson Linux\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e"
}

GHSA-HVC5-C94F-JG73

Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-1109"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-11T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams.",
  "id": "GHSA-hvc5-c94f-jg73",
  "modified": "2022-05-24T19:11:02Z",
  "published": "2022-05-24T19:11:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1109"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5216"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2021-1109

Vulnerability from fkie_nvd - Published: 2021-08-11 22:15 - Updated: 2024-11-21 05:43

Severity ?

7.2 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H
6.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Summary

References

	URL	Tags
	psirt@nvidia.com	https://nvidia.custhelp.com/app/answers/detail/a_id/5216	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://nvidia.custhelp.com/app/answers/detail/a_id/5216	Vendor Advisory

Impacted products

Vendor	Product	Version
nvidia	jetson_linux	*
nvidia	jetson_agx_xavier	-
nvidia	jetson_nano	-
nvidia	jetson_nano_2gb	-
nvidia	jetson_tx1	-
nvidia	jetson_tx2	-
nvidia	jetson_tx2_nx	-
nvidia	jetson_xavier_nx	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E69A431-2B5A-4718-BCD2-CA2D1077641B",
              "versionEndExcluding": "32.6.1",
              "versionStartIncluding": "32.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DD3D2AA-2A9F-470D-BB0F-A7B7C2EC2490",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:nvidia:jetson_nano:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B2B041F-21A8-4F0B-BBAF-7CDD8B911547",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:nvidia:jetson_nano_2gb:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52E153CA-BE89-4C66-8B72-8901BF592423",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "86D1FDAD-C594-43D9-9BF6-F7461177AB91",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE9D4A55-A232-4AF2-B7E9-CD58D7D17479",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64C3FB58-08AA-4FE4-97BE-21B254BA229F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AA5976-FD71-4A53-BD4F-D342E871FEB0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams."
    },
    {
      "lang": "es",
      "value": "El firmware de la c\u00e1mara NVIDIA contiene una vulnerabilidad relacionada con la temporizaci\u00f3n en la que una modificaci\u00f3n no autorizada de recursos de la c\u00e1mara puede resultar en una p\u00e9rdida de la integridad de datos o una denegaci\u00f3n de servicio en varios flujos"
    }
  ],
  "id": "CVE-2021-1109",
  "lastModified": "2024-11-21T05:43:36.923",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.8,
        "source": "psirt@nvidia.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-11T22:15:08.193",
  "references": [
    {
      "source": "psirt@nvidia.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5216"
    }
  ],
  "sourceIdentifier": "psirt@nvidia.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2021-1109

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-1109

Aliases

CVE-2021-1109

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-1109",
    "description": "NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams.",
    "id": "GSD-2021-1109"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-1109"
      ],
      "details": "NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams.",
      "id": "GSD-2021-1109",
      "modified": "2023-12-13T01:23:22.316459Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@nvidia.com",
        "ID": "CVE-2021-1109",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX, Jetson Nano, Jetson Nano 2GB, Jetson TX1.",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All Jetson Linux versions prior to r32.6.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "NVIDIA"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": 7.2,
          "baseSeverity": "High",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "data integrity, denial of service."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5216",
            "refsource": "MISC",
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5216"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "32.6.1",
                    "versionStartIncluding": "32.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:nvidia:jetson_agx_xavier:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:nvidia:jetson_nano:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:nvidia:jetson_nano_2gb:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@nvidia.com",
          "ID": "CVE-2021-1109"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5216",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5216"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2021-09-21T19:46Z",
      "publishedDate": "2021-08-11T22:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-1109 (GCVE-0-2021-1109)

CNVD-2021-102833

GHSA-HVC5-C94F-JG73

FKIE_CVE-2021-1109

GSD-2021-1109

Tags

Sightings

Nomenclature