Buffer Overflow Vulnerability in NVIDIA Bootloader NV3P Server
CVE-2021-1111

6.7MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvidia Jetson Agx Xavier Series, Jetson Xavier Nx, Jetson Tx2 Series, Jetson Tx2 Nx
Vendor: CVE Published:; 11 August 2021

What is CVE-2021-1111?

A buffer overflow vulnerability exists in the NV3P server of NVIDIA's Bootloader, allowing an adversary with physical access via USB to exploit an incorrect bounds check. This flaw may enable limited information disclosure, compromise data integrity, and cause a denial of service across multiple system components. Due to its design, the NV3P server is susceptible to unauthorized manipulation if physical access controls are not strictly enforced. Ensuring timely updates and access restrictions is crucial in mitigating potential risks associated with this vulnerability.

Affected Version(s)

NVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX All Jetson Linux versions prior to r32.6.1

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5216

x_refsource_CONFIRM

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 11, 2021
Vulnerability Reserved
Nov 12, 2020

Nvidia

What is CVE-2021-1111?

Affected Version(s)

References

CVSS V3.1

Timeline