Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvidiaNvidiaNVIDIA:5216
HistoryAug 04, 2021 - 12:00 a.m.

Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX), and Jetson Nano (including Jetson Nano 2GB)- August 2021

2021-08-0400:00:00
nvidia.custhelp.com
13

0.001 Low

EPSS

Percentile

24.6%

JSON

NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, Jetson TX1, Jetson TX2 series (including Jetson TX2 NX), and Jetson Nano™ devices (including Jetson Nano 2GB) in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues that may lead to escalation of privileges, denial of service, and information disclosure. To protect your system, download and install the latest NVIDIA JetPack 4.6 SDK from Jetson Download Center.

Go to NVIDIA Product Security.

Details

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.

CVE ID Description Base Score Vector
CVE‑2021‑1106 NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on the system. 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE‑2021‑1107 NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components. 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE‑2021‑1108 NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system. 7.3 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
CVE‑2021‑1109 NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams. 7.2 AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H
CVE‑2021‑1110 NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerability in camera firmware where a user can change input data after validation, which may lead to complete denial of service and serious data corruption of all kernel components. 7.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE‑2021‑1111 Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited information disclosure, limited data integrity, and denial of service across all components. 6.7 AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
CVE‑2021‑1112 NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where a null pointer dereference may lead to complete denial of service. 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE‑2021‑1113

NVIDIA camera firmware contains a difficult-to-exploit vulnerability, where a highly privileged attacker can cause unauthorized modification to camera resources, which may result in complete denial of service and partial loss of data integrity for all clients.

| 4.7 | AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
CVE‑2021‑1114 | NVIDIA Linux kernel distributions contain a vulnerability in the kernel crypto node, where use after free may lead to complete denial of service. | 4.4 | AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.

Security Updates

The following table lists the NVIDIA software products affected, versions affected, and the updated version that includes this security update.

CVE IDs Addressed Software Product Operating System Affected Versions Updated Version
CVE‑2021‑1110 Jetson AGX Xavier series, Jetson Xavier NX Jetson Linux All 32.x versions prior to 32.6.1 32.6.1
CVE‑2021‑1106 CVE‑2021‑1107 CVE‑2021‑1108 CVE‑2021‑1109 CVE‑2021‑1112 CVE‑2021‑1113 Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX, Jetson Nano, Jetson Nano 2GB, Jetson TX1 Jetson Linux All 32.x versions prior to 32.6.1 32.6.1
CVE‑2021‑1111 CVE‑2021‑1114 Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX Jetson Linux All 32.x versions prior to 32.6.1 32.6.1

Notes

  • Earlier software branch releases that support this product are also affected. If you are using an earlier branch release, upgrade to the latest branch release.

Mitigations

See Security Updates for the version to install.

Related

nvidia 1
cve 9
prion 9
cvelist 9
cnvd 6
nvidia
nvidia
Security Bulletin: NVIDIA SHIELD TV - January 2022
2022-01-12 00:00:00
cve
cve
CVE-2021-1112
2021-08-11 22:15:00
CVE-2021-1110
2021-08-11 22:15:00
CVE-2021-1114
2021-08-11 22:15:00
prion
prion
Null pointer dereference
2021-08-11 22:15:00
Design/Logic Flaw
2021-08-11 22:15:00
Design/Logic Flaw
2021-08-11 22:15:00
cvelist
cvelist
CVE-2021-1112
2021-08-11 21:33:05
CVE-2021-1110
2021-08-11 21:33:03
CVE-2021-1114
2021-08-11 21:33:07
cnvd
cnvd
Jetson Linux Input Validation Error Vulnerability (CNVD-2021-102834)
2021-08-06 00:00:00
Jetson Linux Resource Management Error Vulnerability
2021-08-06 00:00:00
NVIDIA Bootloader Buffer Overflow Vulnerability
2021-08-06 00:00:00

0.001 Low

EPSS

Percentile

24.6%

JSON
Related for NVIDIA:5216
nvidia1cve9prion9cvelist9cnvd6