Lucene search

NvidiaCVELIST:CVE-2021-34376

HistoryJun 30, 2021 - 10:24 a.m.

CVE-2021-34376

2021-06-3010:24:30

nvidia

www.cve.org

trusty

hdcp service

bounds checking

denial of service

privilege escalation

information disclosure

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

Percentile

12.6%

JSON

Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 5 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to denial of service, escalation of privileges, and information disclosure.

CNA Affected

[
  {
    "product": "NVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All Jetson Linux versions prior to r32.5.1"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5205

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2021-34376