CVE-2021-34372

Summary

CVE	CVE-2021-34372
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-06-22 22:15:00 UTC
Updated	2021-06-29 19:37:00 UTC
Description	Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service.

Risk And Classification

Problem Types: CWE-190

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Nvidia	Jetson Agx Xavier 16gb	-	All	All	All
Hardware	Nvidia	Jetson Agx Xavier 32gb	-	All	All	All
Hardware	Nvidia	Jetson Agx Xavier 8gb	-	All	All	All
Operating System	Nvidia	Jetson Linux	All	All	All	All
Hardware	Nvidia	Jetson Nano	-	All	-	All
Hardware	Nvidia	Jetson Nano	-	All	developer_kit	All
Hardware	Nvidia	Jetson Nano 2gb	-	All	All	All
Hardware	Nvidia	Jetson Tx1	-	All	All	All
Hardware	Nvidia	Jetson Tx2	-	All	All	All
Hardware	Nvidia	Jetson Tx2i	-	All	All	All
Hardware	Nvidia	Jetson Tx2 4gb	-	All	All	All
Hardware	Nvidia	Jetson Tx2 Nx	-	All	All	All
Hardware	Nvidia	Jetson Xavier Nx	-	All	developer_kit	All
Hardware	Nvidia	Jetson Xavier Nx	-	All	production	All

References

Reference	Source	Link	Tags
Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX), and Jetson Nano (including Jetson Nano 2GB) - June 2021 \| NVIDIA	CONFIRM	nvidia.custhelp.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.