Buffer Overflow Vulnerability in NVIDIA Bootloader NV3P Server
CVE-2021-1111

6.7MEDIUM

Key Information:

Vendor

Nvidia
Status
Nvidia Jetson Agx Xavier Series, Jetson Xavier Nx, Jetson Tx2 Series, Jetson Tx2 Nx
Vendor
CVE Published:
11 August 2021

What is CVE-2021-1111?

A buffer overflow vulnerability exists in the NV3P server of NVIDIA's Bootloader, allowing an adversary with physical access via USB to exploit an incorrect bounds check. This flaw may enable limited information disclosure, compromise data integrity, and cause a denial of service across multiple system components. Due to its design, the NV3P server is susceptible to unauthorized manipulation if physical access controls are not strictly enforced. Ensuring timely updates and access restrictions is crucial in mitigating potential risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

NVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX All Jetson Linux versions prior to r32.6.1

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5216
x_refsource_CONFIRM

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.