Buffer Overflow Vulnerability in NVIDIA Trusty OTE Protocol
CVE-2021-34394

4.2MEDIUM

Key Information:

Vendor
Nvidia
Status
Nvidia Jetson Tx2 Series, Tx2 Nx, Agx Xavier Series, Xavier Nx
Vendor
CVE Published:
22 June 2021

Summary

NVIDIA Trusty contains a vulnerability within the OTE protocol, affecting all Trusted Applications. The flaw results from improper message stream deserialization, which allows an attacker to exploit a malicious Certification Authority (CA) running at the user level. This can lead to a buffer overflow, potentially compromising data integrity and enabling unauthorized access to sensitive information.

Affected Version(s)

NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX All Jetson Linux versions prior to r32.5.1

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5205
x_refsource_CONFIRM

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.