Lucene search

NvidiaCVELIST:CVE-2021-34387

HistoryJun 21, 2021 - 9:35 p.m.

CVE-2021-34387

2021-06-2121:35:16

nvidia

www.cve.org

trustzone

vulnerability

access permissions

dram

tlk

kernel code

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

12.6%

JSON

The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is otherwise mapped read only.

CNA Affected

[
  {
    "product": "NVIDIA Jetson TX1",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All Jetson Linux versions prior to r32.5.1"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5205

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2021-34387