{"api_version":"1","generated_at":"2026-04-23T02:58:40+00:00","cve":"CVE-2021-34393","urls":{"html":"https://cve.report/CVE-2021-34393","api":"https://cve.report/api/cve/CVE-2021-34393.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-34393","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-34393"},"summary":{"title":"CVE-2021-34393","description":"Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.","state":"PUBLIC","assigner":"psirt@nvidia.com","published_at":"2021-06-22 22:15:00","updated_at":"2021-06-29 19:50:00"},"problem_types":["CWE-502"],"metrics":[],"references":[{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5205","name":"https://nvidia.custhelp.com/app/answers/detail/a_id/5205","refsource":"CONFIRM","tags":[],"title":"Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX), and Jetson Nano (including Jetson Nano 2GB) - June 2021 | NVIDIA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-34393","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-34393","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"34393","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"nvidia","cpe5":"jetson_agx_xavier_16gb","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"34393","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"nvidia","cpe5":"jetson_agx_xavier_32gb","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"34393","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"nvidia","cpe5":"jetson_agx_xavier_8gb","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"34393","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"nvidia","cpe5":"jetson_linux","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"34393","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"nvidia","cpe5":"jetson_tx1","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"34393","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"nvidia","cpe5":"jetson_tx2","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"34393","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"nvidia","cpe5":"jetson_tx2i","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"34393","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"nvidia","cpe5":"jetson_tx2_4gb","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"34393","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"nvidia","cpe5":"jetson_tx2_nx","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"34393","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"nvidia","cpe5":"jetson_xavier_nx","cpe6":"-","cpe7":"*","cpe8":"developer_kit","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"34393","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"nvidia","cpe5":"jetson_xavier_nx","cpe6":"-","cpe7":"*","cpe8":"production","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@nvidia.com","ID":"CVE-2021-34393","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX","version":{"version_data":[{"version_value":"All Jetson Linux versions prior to r32.5.1"}]}}]},"vendor_name":"NVIDIA"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":4.2,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"information disclosure"}]}]},"references":{"reference_data":[{"name":"https://nvidia.custhelp.com/app/answers/detail/a_id/5205","refsource":"CONFIRM","url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5205"}]},"source":{"discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2021-06-22 22:15:00","lastModifiedDate":"2021-06-29 19:50:00","problem_types":["CWE-502"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*","versionEndExcluding":"32.5.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:nvidia:jetson_tx2_4gb:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:nvidia:jetson_tx2i:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:developer_kit:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:production:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"34393","Ordinal":"209856","Title":"CVE-2021-34393","CVE":"CVE-2021-34393","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"34393","Ordinal":"1","NoteData":"Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"34393","Ordinal":"2","NoteData":"2021-06-22","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"34393","Ordinal":"3","NoteData":"2021-06-22","Type":"Other","Title":"Modified"}]}}}