Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-34372

Опубликовано: 22 июн. 2021
Источник: nvd
CVSS3: 8.2
CVSS3: 7.8
CVSS2: 4.6
EPSS Низкий

Описание

Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*
Версия до 32.5.1 (исключая)

Одно из

cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_nano:-:*:-:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_nano:-:*:developer_kit:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_nano_2gb:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_tx2_4gb:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_tx2i:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:developer_kit:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:production:*:*:*:*:*

EPSS

Процентиль: 23%
0.00075
Низкий

8.2 High

CVSS3

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

github логотип

GHSA-f9wp-3r92-4ghh

github
больше 3 лет назад

Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service.

EPSS

Процентиль: 23%
0.00075
Низкий

8.2 High

CVSS3

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-190