Information Disclosure Vulnerability in NVIDIA Trusty for Secure Computing
CVE-2021-34389

5MEDIUM

Key Information:

Vendor
Nvidia
Status
Nvidia Jetson, Tx2 Series, Tx2 Nx, Agx Xavier Series, Xavier Nx
Vendor
CVE Published:
21 June 2021

Summary

NVIDIA Trusty contains a vulnerability resulting from improper parsing of the OTE protocol messages. This flaw allows local users to exploit an incorrect bounds check, potentially gaining access to sensitive heap memory within the TrustZone environment. This unauthorized access can lead to information disclosure and poses a security risk for systems running affected versions of Trusty.

Affected Version(s)

NVIDIA Jetson, TX2 series, TX2 NX, AGX Xavier series, Xavier NX All Jetson Linux versions prior to r32.5.1

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5205
x_refsource_CONFIRM

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.