Integer Overflow Vulnerability in NVIDIA TLK Kernel
CVE-2021-34382

6.7MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvidia Jetson Tx1
Vendor: CVE Published:; 30 June 2021

Summary

NVIDIA's Trusty TLK kernel is susceptible to an integer overflow vulnerability within the tz_map_shared_mem function. This flaw arises when the size parameter is processed, causing an overflow in both the request buffer and the logging buffer. This vulnerability potentially allows for unauthorized writes to arbitrary addresses in the kernel, which could lead to further exploitation of the system. It's crucial for users and administrators to be aware of this issue and to apply necessary patches to protect their systems.

Affected Version(s)

NVIDIA Jetson TX1 All Jetson Linux versions prior to r32.5.1

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5205

x_refsource_CONFIRM

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 30, 2021
Vulnerability Reserved
Jun 9, 2021