Описание
Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to cause the buffer overflow, which may lead to information disclosure and data modification.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 32.5.1 (исключая)
Одновременно
cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_tx2_4gb:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_tx2i:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:developer_kit:*:*:*:*:*
cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:production:*:*:*:*:*
EPSS
Процентиль: 30%
0.00112
Низкий
4.2 Medium
CVSS3
6.7 Medium
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-502
Связанные уязвимости
github
больше 3 лет назад
Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with multiple occurrences of the same parameter. The deserialization of untrusted data might allow an attacker to exploit the deserializer to impact code execution.
EPSS
Процентиль: 30%
0.00112
Низкий
4.2 Medium
CVSS3
6.7 Medium
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-502