CVE-2021-34394
Summary
| CVE | CVE-2021-34394 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-06-22 22:15:00 UTC |
| Updated | 2021-09-20 19:02:00 UTC |
| Description | Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to cause the buffer overflow, which may lead to information disclosure and data modification. |
Risk And Classification
Problem Types: CWE-502
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Nvidia | Jetson Agx Xavier 16gb | - | All | All | All |
| Hardware | Nvidia | Jetson Agx Xavier 32gb | - | All | All | All |
| Hardware | Nvidia | Jetson Agx Xavier 8gb | - | All | All | All |
| Operating System | Nvidia | Jetson Linux | All | All | All | All |
| Hardware | Nvidia | Jetson Tx2 | - | All | All | All |
| Hardware | Nvidia | Jetson Tx2i | - | All | All | All |
| Hardware | Nvidia | Jetson Tx2 4gb | - | All | All | All |
| Hardware | Nvidia | Jetson Tx2 Nx | - | All | All | All |
| Hardware | Nvidia | Jetson Xavier Nx | - | All | developer_kit | All |
| Hardware | Nvidia | Jetson Xavier Nx | - | All | production | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX), and Jetson Nano (including Jetson Nano 2GB) - June 2021 | NVIDIA | CONFIRM | nvidia.custhelp.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.