8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
80.8%
NVIDIA has released a software update for Jetson AGX Xavier™, Jetson Xavier NX, Jetson™ TX1, Jetson TX2, Jetson Nano™, and Jetson Nano 2GB in the NVIDIA® JetPack™ software development kit (SDK) 4.5. The update addresses security issues that may lead to denial of service, data loss, and information disclosure. To protect your system, download and install the latest NVIDIA JetPack SDK from NVIDIA DevZone. Go to NVIDIA Product Security.
This section provides a summary of potential vulnerabilities and their impact that this security update addresses. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.
CVE IDs | Description | Base Score | Vector |
---|---|---|---|
CVE‑2021‑1070 | NVIDIA L4T contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an unprivileged user being able to modify system device tree files, leading to denial of service. |
7.1 | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
CVE‑2021‑1069 |
NVIDIA Tegra® kernel driver contains a vulnerability in NVHost
in which the variable can be null, which may lead to a null pointer dereference and unexpected reboot, leading to data loss.
| 6.1 | AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVE‑2021‑1071 | NVIDIA Tegra kernel contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to information disclosure. | 5.6 | AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.
The following table lists the NVIDIA software products affected, versions affected, and the updated version that includes this security update.
CVE IDs Addressed | Software Product | Operating System | Affected Versions | Updated Version |
---|---|---|---|---|
CVE‑2021‑1069 CVE‑2021‑1070 CVE‑2021‑1071 | Jetson TX1, TX2 series,Jetson AGX Xavier series, Jetson Xavier NX, Jetson Nano, and Jetson Nano 2GB | Linux for Tegra (L4T) | All versions prior to L4T release r32.5 | L4T release r32.5 |
Notes:
See Security Updates for the version to install.
NVIDIA thanks following individuals for reporting the issues:
CPE | Name | Operator | Version |
---|---|---|---|
jetson tx1 | lt | 4T | |
tx2 series | lt | 4T | |
jetson agx xavier series | lt | 4T | |
jetson xavier nx | lt | 4T | |
jetson nano | lt | 4T | |
jetson nano 2gb | lt | 4T |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
80.8%