49 matches found
CVE-2021-34372
The CVE-2021-34372 entry concerns NVIDIA Jetson Trusty (TEE) driver: an integer overflow in the malloc() size calculation inside the NVIDIA OTE protocol message parsing code causes a heap buffer overflow. This can lead to information disclosure, privilege escalation, and denial of service on affe...
CVE-2022-21819
CVE-2022-21819 affects NVIDIA Jetson Linux distributions. The issue arises from an error in the IOMMU configuration, which may allow an unprivileged attacker with physical access to directly read/write the entire system address space via the PCI bus. Impacts include denial of service, code execut...
CVE-2021-34397
The CVE-2021-34397 issue affects NVIDIA Jetson devices (Jetson AGX Xavier, Xavier NX, Jetson TX1/TX2/TX2 NX, Nano/Nano 2GB) where the Bootloader (NVIDIA MB2) contains a heap-overflow vulnerability. The root cause is a potential heap overflow in MB2 during boot, which could lead to heap metadata c...
CVE-2021-1113
CVE-2021-1113 affects NVIDIA Jetson/JetPack camera firmware. The vulnerability allows a highly privileged local attacker to modify camera resources, potentially causing complete denial of service and partial data integrity loss across clients. Affected products include NVIDIA Jetson Linux on Jets...
CVE-2024-0108
CVE-2024-0108 is tied to NVIDIA Jetson Linux, specifically NvGPU. The issue arises in error handling paths within the GPU MMU mapping code, which fail to clean up after a failed mapping attempt. Impact described in sources includes potential denial of service, code execution, and privilege escala...
CVE-2022-28195
CVE-2022-28195: A vulnerability in the NVIDIA Jetson Linux Driver Package’s Cboot ext4_read_file function allows insufficient validation of untrusted data, enabling a highly privileged local attacker to cause an integer overflow and potentially achieve code execution, privilege escalation, and li...
CVE-2021-34395
CVE-2021-34395 is a local, access-permission issue in Trusty TLK (NVIDIA TLK kernel) where access to a resource may not be properly restricted for a locally privileged user. The impact described in the sources is limited information disclosure, with a low likelihood of data modification and limit...
CVE-2021-1108
NVIDIA Jetson/Linux kernels contain a vulnerability in FuSa Capture (VI/ISP) where an integer underflow caused by insufficient input validation may lead to denial of service, partial integrity loss, and high confidentiality impact on all processes. The issue is locally exploitable; NVIDIA referen...
CVE-2021-34392
Summary: CVE-2021-34392 concerns Trusty TLK within NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, potentially enabling a denial of service. The vulnerability is documented across multiple sources (NVD, Red Hat advisory, NVIDIA bulletin) a...
CVE-2022-28194
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c where, if TFTP is enabled, a local attacker with elevated privileges can cause a memory buffer overflow, potentially leading to code execution, loss of integrity, limited denial of service, and confident...
CVE-2021-1111
The CVE-2021-1111 entry concerns NVIDIA Jetson bootloader (NV3P server). Affected components are bootloader code on Jetson Linux devices (Jetson AGX Xavier, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX, Jetson Nano). The vulnerability arises from an incorrect bounds check in the bootloader ...
CVE-2021-34388
This CVE (CVE-2021-34388) affects NVIDIA Jetson/MB2 bootloader (TegraBoot). The vulnerability is a heap overflow in the bootloader that could allow an attacker to control RAM after the heap block, potentially enabling denial of service or code execution. Affected products include Jetson TX1, TX2 ...
CVE-2021-34389
CVE-2021-34389 affects NVIDIA Trusty (NVIDIA OTE) where a bounds-check flaw in the OTE protocol message parsing can let a local attacker access heap memory in TrustZone, causing information disclosure. Affected: Trusty/TAs in Jetson Trusty environment. Root cause: incorrect bounds check in NVIDIA...
CVE-2022-28193
The CVE-2022-28193 entry concerns NVIDIA Jetson Linux Driver Package. A vulnerability in the Cboot module tegrabl_cbo.c arises from insufficient validation of untrusted data, which can permit a local attacker with elevated privileges to cause a memory buffer overflow. Claimed impacts include code...
CVE-2022-28197
The CVE-2022-28197 entry concerns NVIDIA Jetson Linux Driver Package and the Cboot ext4_mount function, where insufficient validation of untrusted data can allow a highly privileged local attacker to trigger an integer overflow, potentially enabling code execution, privilege escalation, and limit...
CVE-2022-28196
CVE-2022-28196 affects NVIDIA Jetson Linux Driver Package, specifically the Cboot blob_decompress function. The vulnerability arises from insufficient validation of untrusted data, enabling a local, privileged attacker to trigger a memory buffer overflow and potentially achieve code execution, wi...
CVE-2021-34391
CVE-2021-34391 relates to Trusty TLK on NVIDIA Jetson/Trusty in which the TZ map shared memory size parameter can overflow due to insufficient input validation. The root cause is an integer overflow in the NVIDIA TLK kernel function tz_map_shared_mem, which may enable denial of service and, per s...
CVE-2021-1107
CVE-2021-1107 affects NVIDIA Linux kernel distributions via the nvmap NVMAP_IOC_WRITE* paths, where improper access controls may allow code execution, complete denial of service, or severe integrity compromise of all system components. The issue is described across multiple connected sources (Red...
CVE-2022-42270
CVE-2022-42270 affects NVIDIA distributions of Linux via the nvdla_emu_task_submit path, where unvalidated input can lead to a stack-based kernel buffer overflow and local privilege escalation, compromising integrity, confidentiality, and availability. Public sources in connected docs confirm the...
CVE-2021-1106
CVE-2021-1106 affects NVIDIA Jetson/Linux kernel nvmap: writes to read-only buffers may enable privilege escalation, denial of service, information disclosure, and data tampering across processes. Documented impact in multiple sources (NVIDIA Jetson and Red Hat entries) with mitigation through so...
CVE-2021-34390
CVE-2021-34390 concerns Trusty TLK (NVIDIA TLK kernel) where a lack of checks enables an integer overflow via a user-triggered SMC call, potentially causing denial of service. The connected NVIDIA bulletin (Security Updates) confirms affected Jetson products and recommends updating to newer Debia...
CVE-2021-34394
CVE-2021-34394 affects NVIDIA Trusty (NVIDIA OTE protocol) used in Jetson devices. The issue is an incorrect message stream deserialization in the OTE protocol that can allow a local attacker to trigger a buffer overflow, potentially leading to information disclosure and data modification. NVIDIA...
CVE-2021-1110
The CVE-2021-1110 entry concerns NVIDIA Linux kernel distributions on Jetson Xavier where a camera firmware input validation issue can let an attacker modify data after validation, potentially causing full DoS and severe data corruption across kernel components. Connected sources specify this is ...
CVE-2021-1114
CVE-2021-1114 affects NVIDIA Linux kernel distributions via the kernel crypto node vulnerable to a use-after-free, leading to denial of service. Affected component is the kernel crypto node within Jetson/Linux kernel space. Impact is denial of service (availability) with no confidentiality or int...
CVE-2021-1112
CVE-2021-1112 concerns a vulnerability in NVIDIA Linux kernel distributions, specifically in the nvmap component, where a null pointer dereference can cause a complete denial of service. The connected documents confirm this as the root cause and reference the same description across multiple sour...
CVE-2021-34386
CVE-2021-34386 affects NVIDIA Trusty TLK kernel (TLK) used in Jetson Linux environments. The root cause is an integer overflow in the calloc size calculation, where multiplication of count and size can overflow, potentially causing heap overflows. Connected sources (Red Hat advisory and NVIDIA se...
CVE-2021-34396
CVE-2021-34396 affects NVIDIA bootloader (MB2) where a vulnerability in access permission settings could allow unauthorized software to overwrite MB2 code, potentially causing limited denial of service. The issue is rooted in bootloader access control, as described in multiple sources, and is ass...
CVE-2022-42269
CVE-2022-42269 affects NVIDIA Trusted OS via an SMC call handler where untrusted input is not validated, allowing a highly privileged local attacker to disclose information and compromise integrity. The issue is documented across multiple sources, with NVIDIA’s security bulletin indicating affect...
CVE-2021-1109
CVE-2021-1109 describes a timing-related vulnerability in NVIDIA camera firmware that could allow an unauthorized modification by camera resources, leading to loss of data integrity or denial of service across multiple streams. Connected sources confirm the issue affects NVIDIA Jetson Linux envir...
CVE-2021-34381
CVE-2021-34381 affects NVIDIA Trusty TLK: the vulnerability lies in the TLK kernel function where insufficient checks allow an integer overflow in the size parameter of the tz_map_shared_mem function. This could lead to denial of service, information disclosure, or data tampering. Affected produc...
CVE-2021-34393
CVE-2021-34393: Trusty contains a vulnerability in the TSEC TA where deserialization of incoming messages occurs even though no command is exposed, potentially enabling code execution and information disclosure. Affected component: Trusty (TSEC TA) used in NVIDIA Jetson devices. Root cause: deser...
CVE-2021-34387
CVE-2021-34387 affects NVIDIA Jetson Trusty TLK/Trusty on TrustZone. The vulnerability arises from access permission settings where the DRAM region reserved for TrustZone is identity-mapped by the TLK with read, write, and execute permissions, allowing write access to kernel code and data that sh...
CVE-2021-34373
CVE-2021-34373 affects NVIDIA’s Trusty TLK (Jetson TLK kernel) used in Jetson TX1/TX2/Xavier series; root cause is lack of heap hardening leading to heap overflows in the TLK kernel, enabling information disclosure and denial of service. NVIDIA’s security bulletin notes the vulnerability in the T...
CVE-2021-34378
CVE-2021-34378 affects NVIDIA Jetson devices running Trusty OS. The vulnerability is in the HDCP service TA where bounds checking in command 11 is missing, enabling memory-bounds violations that can cause information disclosure, denial of service, or privilege escalation. Affected products includ...
CVE-2021-34379
CVE-2021-34379 affects NVIDIA Jetson devices running Trusty OS. The HDCP service TA has a bounds-checking flaw in command 10 where the length of an I/O buffer parameter is not checked, potentially leading to memory corruption. The vulnerability is locally exploitable with user interaction not req...
CVE-2023-25518
Summary: CVE-2023-25518 affects NVIDIA Jetson devices due to a flaw in CBoot where the PCIe controller is initialized without an IOMMU. This can allow a physical attacker to read/write arbitrary memory, with potential results including code execution, denial of service, information disclosure, an...
CVE-2021-34377
CVE-2021-34377 affects NVIDIA Jetson Trusty HDCP service TA: bounds checking is missing in command 9, enabling potential memory corruption. This local, low-complexity issue could lead to privilege escalation, information disclosure, and denial of service. NVIDIA’s security bulletin lists updated ...
CVE-2021-34376
CVE-2021-34376 concerns Trusty’s HDCP service TA where bounds checking in command 5 is missing. This memory-bound violation can lead to denial of service, escalation of privileges, and information disclosure. Connected NVIDIA and Red Hat/NVD entries corroborate that Trusty TLK/HDCP TA is the affe...
CVE-2021-34375
Concretely, CVE-2021-34375 affects NVIDIA Jetson devices running Trusty, where the stack cookie in all trusted applications (TAs) was not randomized. This can permit a stack-based buffer overflow, enabling denial of service, privilege escalation, and information disclosure. The issue is tied to T...
CVE-2021-34385
Affected product: NVIDIA Trusty TLK (TLK kernel) used in Jetson/Linux Trusty. Vulnerability: an integer overflow in the calculation of a length within the TLK kernel can cause a heap overflow. Impact: potential heap overflow with accompanying risks described in CVE-2021-34385 (information disclos...
CVE-2023-25520
Consolidated data confirms CVE-2023-25520 affects NVIDIA Jetson Linux Driver Package, specifically the nvbootctrl component. A privileged local attacker can configure invalid nvbootctrl settings, resulting in a denial of service. Remediation is to update Jetson Linux to the patched release (as pe...
CVE-2021-34374
CVE-2021-34374 affects NVIDIA Jetson devices running Trusty OS. The vulnerability is in Trusty command handlers where input buffer lengths are not verified, allowing memory corruption that could cause information disclosure, privilege escalation, or denial of service. Affected products include Je...
CVE-2021-34383
CVE-2021-34383 is a vulnerability in NVIDIA MB2 bootloader where a potential heap overflow could lead to denial of service or escalation of privileges. Affected component: NVIDIA MB2 bootloader used in Jetson devices. Root cause: heap overflow in the bootloader parsing/handling code (MB2) as desc...
CVE-2021-34384
CVE-2021-34384 : A heap overflow in the NVIDIA MB2 bootloader (Jetson platform) could cause memory corruption, potentially leading to denial of service or arbitrary code execution. NVIDIA’s security bulletin lists affected Jetson Linux releases and the updated version 32.5.2 (or the latest Debian...
CVE-2021-34382
CVE-2021-34382 affects NVIDIA Trusty TLK kernel’s tz_map_shared_mem, where an integer overflow in the size parameter causes the request and logging buffers to overflow, allowing writes to arbitrary kernel addresses. Affected products in the NVIDIA Jetson line include Jetson AGX Xavier, Jetson Xav...
CVE-2021-34380
CVE-2021-34380 refers to a vulnerability in the NVIDIA MB2 bootloader used on Jetson devices. The issue is described as a heap overflow that can corrupt heap metadata, with potential outcomes including arbitrary code execution, denial of service, and information disclosure during secure boot. Aff...
CVE-2026-24148
Affected product: NVIDIA Jetson platforms running JetPack/JETSON Linux. The vulnerability resides in the system initialization logic, allowing an unprivileged attacker to initialize a resource with an insecure default. Consequences stated include information disclosure of encrypted data, data tam...
CVE-2026-24154
Technical details about CVE-2026-24154 are not publicly available in the provided documents. Monitor for updates from NVIDIA and security advisories for affected Jetson Linux components.
CVE-2026-24153
Technical details for CVE-2026-24153 are not publicly provided in the supplied documents; no affected products, vulnerable components, or fixes are specified. Monitor for updates from vendors and security advisories.