Lucene search

NvidiaCVELIST:CVE-2021-34395

HistoryJun 22, 2021 - 9:25 p.m.

CVE-2021-34395

2021-06-2221:25:30

nvidia

www.cve.org

trusty tlk

access permission

vulnerability

limited disclosure

risk

local privileges

information disclosure

modifications

denial of service

CVSS3

3.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

AI Score

5.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low risk of modifcations to data, and limited denial of service.

CNA Affected

[
  {
    "product": "NVIDIA Jetson TX1",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All Jetson Linux versions prior to  r32.5.1"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5205

CVSS3

3.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

AI Score

5.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2021-34395