Integer Underflow Vulnerability in NVIDIA Linux Kernel Distributions
CVE-2021-1108

7.3HIGH

Key Information:

Vendor: Nvidia
Status: Jetson Agx Xavier Series, Jetson Xavier Nx, Jetson Tx2 Series, Jetson Tx2 Nx, Jetson Nano, Jetson Nano 2gb, Jetson Tx1; Shield Tv
Vendor: CVE Published:; 11 August 2021

Summary

NVIDIA Linux kernel distributions are impacted by an integer underflow vulnerability in the FuSa Capture (VI/ISP) component. This vulnerability arises from insufficient input validation, potentially allowing attackers to exploit this flaw, which may result in a complete denial of service, compromised integrity, and severe confidentiality breaches across all processes within the operating system. Such vulnerabilities highlight the importance of ensuring robust input validation mechanisms to protect system integrity and confidentiality.

Affected Version(s)

Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX, Jetson Nano, Jetson Nano 2GB, Jetson TX1 All Jetson Linux versions prior to r32.6.1

Shield TV All Shield TV versions prior to SE 9.0

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5216

x_refsource_MISC

https://nvidia.custhelp.com/app/answers/detail/a_id/5259

x_refsource_MISC

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 11, 2021
Vulnerability Reserved
Nov 12, 2020