Lucene search

[email protected]CVE-2021-34380

HistoryJun 30, 2021 - 11:15 a.m.

CVE-2021-34380

2021-06-3011:15:00

CWE-787

[email protected]

web.nvd.nist.gov

cve-2021-34380

bootloader

nvidia mb2

vulnerability

heap overflow

arbitrary code execution

denial of service

information disclosure

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.0%

JSON

Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and information disclosure during secure boot.

CPENameOperatorVersion
nvidia:jetson_linuxnvidia jetson linuxlt32.5.1

CPE	Name	Operator	Version
nvidia:jetson_linux	nvidia jetson linux	lt	32.5.1

References

nvidia.custhelp.com/app/answers/detail/a_id/5205

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.0%

JSON

Related for CVE-2021-34380

prion1 nvidia1