Lucene search

NvidiaCVELIST:CVE-2021-1071

HistoryJan 26, 2021 - 9:20 p.m.

CVE-2021-1071

2021-01-2621:20:14

nvidia

www.cve.org

nvidia

tegra

kernel

vulnerability

access control

jetson agx xavier series

jetson xavier nx

tx1

tx2

nano

nano 2gb

l4t

ina3221 driver

unauthorized users

system power usage data

information disclosure

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score

6.1

Confidence

High

EPSS

Percentile

12.6%

JSON

NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to information disclosure.

CNA Affected

[
  {
    "product": "NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All L4T versions prior to r32.5"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5147

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score

6.1

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2021-1071