Lucene search
+L

39 matches found

CVE
CVE
added 2021/06/22 9:25 p.m.150 views

CVE-2021-34372

The CVE-2021-34372 entry concerns NVIDIA Jetson Trusty (TEE) driver: an integer overflow in the malloc() size calculation inside the NVIDIA OTE protocol message parsing code causes a heap buffer overflow. This can lead to information disclosure, privilege escalation, and denial of service on affe...

8.2CVSS8AI score0.00256EPSS
CVE
CVE
added 2021/06/22 9:25 p.m.120 views

CVE-2021-34397

The CVE-2021-34397 issue affects NVIDIA Jetson devices (Jetson AGX Xavier, Xavier NX, Jetson TX1/TX2/TX2 NX, Nano/Nano 2GB) where the Bootloader (NVIDIA MB2) contains a heap-overflow vulnerability. The root cause is a potential heap overflow in MB2 during boot, which could lead to heap metadata c...

2.3CVSS4.6AI score0.00204EPSS
CVE
CVE
added 2024/08/08 4:18 p.m.110 views

CVE-2024-0108

CVE-2024-0108 is tied to NVIDIA Jetson Linux, specifically NvGPU. The issue arises in error handling paths within the GPU MMU mapping code, which fail to clean up after a failed mapping attempt. Impact described in sources includes potential denial of service, code execution, and privilege escala...

8.8CVSS7.3AI score0.00229EPSS
CVE
CVE
added 2021/06/22 9:25 p.m.97 views

CVE-2021-34395

CVE-2021-34395 is a local, access-permission issue in Trusty TLK (NVIDIA TLK kernel) where access to a resource may not be properly restricted for a locally privileged user. The impact described in the sources is limited information disclosure, with a low likelihood of data modification and limit...

4.6CVSS4.9AI score0.00179EPSS
CVE
CVE
added 2022/04/27 5:57 p.m.95 views

CVE-2022-28195

CVE-2022-28195: A vulnerability in the NVIDIA Jetson Linux Driver Package’s Cboot ext4_read_file function allows insufficient validation of untrusted data, enabling a highly privileged local attacker to cause an integer overflow and potentially achieve code execution, privilege escalation, and li...

5.7CVSS5.7AI score0.00232EPSS
CVE
CVE
added 2021/06/22 9:25 p.m.89 views

CVE-2021-34392

Summary: CVE-2021-34392 concerns Trusty TLK within NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, potentially enabling a denial of service. The vulnerability is documented across multiple sources (NVD, Red Hat advisory, NVIDIA bulletin) a...

5.5CVSS6AI score0.00187EPSS
CVE
CVE
added 2021/06/21 9:35 p.m.87 views

CVE-2021-34388

This CVE (CVE-2021-34388) affects NVIDIA Jetson/MB2 bootloader (TegraBoot). The vulnerability is a heap overflow in the bootloader that could allow an attacker to control RAM after the heap block, potentially enabling denial of service or code execution. Affected products include Jetson TX1, TX2 ...

7.8CVSS7.8AI score0.00237EPSS
CVE
CVE
added 2021/06/21 9:35 p.m.87 views

CVE-2021-34389

CVE-2021-34389 affects NVIDIA Trusty (NVIDIA OTE) where a bounds-check flaw in the OTE protocol message parsing can let a local attacker access heap memory in TrustZone, causing information disclosure. Affected: Trusty/TAs in Jetson Trusty environment. Root cause: incorrect bounds check in NVIDIA...

5CVSS5AI score0.00256EPSS
CVE
CVE
added 2022/04/27 5:57 p.m.87 views

CVE-2022-28194

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c where, if TFTP is enabled, a local attacker with elevated privileges can cause a memory buffer overflow, potentially leading to code execution, loss of integrity, limited denial of service, and confident...

7.3CVSS5.7AI score0.003EPSS
CVE
CVE
added 2021/06/22 9:25 p.m.86 views

CVE-2021-34391

CVE-2021-34391 relates to Trusty TLK on NVIDIA Jetson/Trusty in which the TZ map shared memory size parameter can overflow due to insufficient input validation. The root cause is an integer overflow in the NVIDIA TLK kernel function tz_map_shared_mem, which may enable denial of service and, per s...

5.5CVSS5.9AI score0.00182EPSS
CVE
CVE
added 2022/04/27 5:57 p.m.86 views

CVE-2022-28197

The CVE-2022-28197 entry concerns NVIDIA Jetson Linux Driver Package and the Cboot ext4_mount function, where insufficient validation of untrusted data can allow a highly privileged local attacker to trigger an integer overflow, potentially enabling code execution, privilege escalation, and limit...

5CVSS5.5AI score0.00197EPSS
CVE
CVE
added 2022/04/27 5:57 p.m.85 views

CVE-2022-28193

The CVE-2022-28193 entry concerns NVIDIA Jetson Linux Driver Package. A vulnerability in the Cboot module tegrabl_cbo.c arises from insufficient validation of untrusted data, which can permit a local attacker with elevated privileges to cause a memory buffer overflow. Claimed impacts include code...

5.6CVSS5.7AI score0.00255EPSS
CVE
CVE
added 2022/04/27 5:57 p.m.85 views

CVE-2022-28196

CVE-2022-28196 affects NVIDIA Jetson Linux Driver Package, specifically the Cboot blob_decompress function. The vulnerability arises from insufficient validation of untrusted data, enabling a local, privileged attacker to trigger a memory buffer overflow and potentially achieve code execution, wi...

4.6CVSS5.1AI score0.00232EPSS
CVE
CVE
added 2022/12/30 12:0 a.m.82 views

CVE-2022-42270

CVE-2022-42270 affects NVIDIA distributions of Linux via the nvdla_emu_task_submit path, where unvalidated input can lead to a stack-based kernel buffer overflow and local privilege escalation, compromising integrity, confidentiality, and availability. Public sources in connected docs confirm the...

7.8CVSS7.7AI score0.00196EPSS
CVE
CVE
added 2021/06/22 9:25 p.m.80 views

CVE-2021-34390

CVE-2021-34390 concerns Trusty TLK (NVIDIA TLK kernel) where a lack of checks enables an integer overflow via a user-triggered SMC call, potentially causing denial of service. The connected NVIDIA bulletin (Security Updates) confirms affected Jetson products and recommends updating to newer Debia...

5.5CVSS5.9AI score0.00192EPSS
CVE
CVE
added 2021/06/22 9:25 p.m.78 views

CVE-2021-34394

CVE-2021-34394 affects NVIDIA Trusty (NVIDIA OTE protocol) used in Jetson devices. The issue is an incorrect message stream deserialization in the OTE protocol that can allow a local attacker to trigger a buffer overflow, potentially leading to information disclosure and data modification. NVIDIA...

6.7CVSS6.5AI score0.00264EPSS
CVE
CVE
added 2021/06/21 9:35 p.m.76 views

CVE-2021-34386

CVE-2021-34386 affects NVIDIA Trusty TLK kernel (TLK) used in Jetson Linux environments. The root cause is an integer overflow in the calloc size calculation, where multiplication of count and size can overflow, potentially causing heap overflows. Connected sources (Red Hat advisory and NVIDIA se...

6.7CVSS6.7AI score0.00207EPSS
CVE
CVE
added 2021/06/22 9:25 p.m.75 views

CVE-2021-34396

CVE-2021-34396 affects NVIDIA bootloader (MB2) where a vulnerability in access permission settings could allow unauthorized software to overwrite MB2 code, potentially causing limited denial of service. The issue is rooted in bootloader access control, as described in multiple sources, and is ass...

3CVSS4.5AI score0.00197EPSS
CVE
CVE
added 2022/12/30 12:0 a.m.73 views

CVE-2022-42269

CVE-2022-42269 affects NVIDIA Trusted OS via an SMC call handler where untrusted input is not validated, allowing a highly privileged local attacker to disclose information and compromise integrity. The issue is documented across multiple sources, with NVIDIA’s security bulletin indicating affect...

7.9CVSS7.1AI score0.0018EPSS
CVE
CVE
added 2021/06/30 10:24 a.m.72 views

CVE-2021-34381

CVE-2021-34381 affects NVIDIA Trusty TLK: the vulnerability lies in the TLK kernel function where insufficient checks allow an integer overflow in the size parameter of the tz_map_shared_mem function. This could lead to denial of service, information disclosure, or data tampering. Affected produc...

7.8CVSS7.5AI score0.00208EPSS
CVE
CVE
added 2021/06/21 9:35 p.m.72 views

CVE-2021-34387

CVE-2021-34387 affects NVIDIA Jetson Trusty TLK/Trusty on TrustZone. The vulnerability arises from access permission settings where the DRAM region reserved for TrustZone is identity-mapped by the TLK with read, write, and execute permissions, allowing write access to kernel code and data that sh...

7.2CVSS6.7AI score0.00205EPSS
CVE
CVE
added 2021/06/22 9:25 p.m.72 views

CVE-2021-34393

CVE-2021-34393: Trusty contains a vulnerability in the TSEC TA where deserialization of incoming messages occurs even though no command is exposed, potentially enabling code execution and information disclosure. Affected component: Trusty (TSEC TA) used in NVIDIA Jetson devices. Root cause: deser...

4.4CVSS5.3AI score0.003EPSS
CVE
CVE
added 2021/06/30 10:24 a.m.70 views

CVE-2021-34378

CVE-2021-34378 affects NVIDIA Jetson devices running Trusty OS. The vulnerability is in the HDCP service TA where bounds checking in command 11 is missing, enabling memory-bounds violations that can cause information disclosure, denial of service, or privilege escalation. Affected products includ...

7.7CVSS7.1AI score0.00242EPSS
CVE
CVE
added 2021/06/30 10:24 a.m.69 views

CVE-2021-34373

CVE-2021-34373 affects NVIDIA’s Trusty TLK (Jetson TLK kernel) used in Jetson TX1/TX2/Xavier series; root cause is lack of heap hardening leading to heap overflows in the TLK kernel, enabling information disclosure and denial of service. NVIDIA’s security bulletin notes the vulnerability in the T...

7.9CVSS6AI score0.00253EPSS
CVE
CVE
added 2023/06/23 5:9 p.m.69 views

CVE-2023-25518

Summary: CVE-2023-25518 affects NVIDIA Jetson devices due to a flaw in CBoot where the PCIe controller is initialized without an IOMMU. This can allow a physical attacker to read/write arbitrary memory, with potential results including code execution, denial of service, information disclosure, an...

7.1CVSS6.6AI score0.00266EPSS
CVE
CVE
added 2021/06/30 10:24 a.m.68 views

CVE-2021-34379

CVE-2021-34379 affects NVIDIA Jetson devices running Trusty OS. The HDCP service TA has a bounds-checking flaw in command 10 where the length of an I/O buffer parameter is not checked, potentially leading to memory corruption. The vulnerability is locally exploitable with user interaction not req...

7.7CVSS6.8AI score0.00238EPSS
CVE
CVE
added 2021/06/30 10:24 a.m.65 views

CVE-2021-34377

CVE-2021-34377 affects NVIDIA Jetson Trusty HDCP service TA: bounds checking is missing in command 9, enabling potential memory corruption. This local, low-complexity issue could lead to privilege escalation, information disclosure, and denial of service. NVIDIA’s security bulletin lists updated ...

7.7CVSS7AI score0.00242EPSS
CVE
CVE
added 2021/06/30 10:24 a.m.63 views

CVE-2021-34376

CVE-2021-34376 concerns Trusty’s HDCP service TA where bounds checking in command 5 is missing. This memory-bound violation can lead to denial of service, escalation of privileges, and information disclosure. Connected NVIDIA and Red Hat/NVD entries corroborate that Trusty TLK/HDCP TA is the affe...

7.7CVSS7AI score0.00242EPSS
CVE
CVE
added 2021/06/30 10:24 a.m.62 views

CVE-2021-34375

Concretely, CVE-2021-34375 affects NVIDIA Jetson devices running Trusty, where the stack cookie in all trusted applications (TAs) was not randomized. This can permit a stack-based buffer overflow, enabling denial of service, privilege escalation, and information disclosure. The issue is tied to T...

7.7CVSS6.8AI score0.00246EPSS
CVE
CVE
added 2021/06/30 10:24 a.m.62 views

CVE-2021-34384

CVE-2021-34384 : A heap overflow in the NVIDIA MB2 bootloader (Jetson platform) could cause memory corruption, potentially leading to denial of service or arbitrary code execution. NVIDIA’s security bulletin lists affected Jetson Linux releases and the updated version 32.5.2 (or the latest Debian...

7.8CVSS7.8AI score0.00232EPSS
CVE
CVE
added 2021/06/30 10:24 a.m.62 views

CVE-2021-34385

Affected product: NVIDIA Trusty TLK (TLK kernel) used in Jetson/Linux Trusty. Vulnerability: an integer overflow in the calculation of a length within the TLK kernel can cause a heap overflow. Impact: potential heap overflow with accompanying risks described in CVE-2021-34385 (information disclos...

6.7CVSS6.7AI score0.00207EPSS
CVE
CVE
added 2021/06/30 10:24 a.m.61 views

CVE-2021-34374

CVE-2021-34374 affects NVIDIA Jetson devices running Trusty OS. The vulnerability is in Trusty command handlers where input buffer lengths are not verified, allowing memory corruption that could cause information disclosure, privilege escalation, or denial of service. Affected products include Je...

7.7CVSS6.8AI score0.00242EPSS
CVE
CVE
added 2021/06/30 10:24 a.m.60 views

CVE-2021-34383

CVE-2021-34383 is a vulnerability in NVIDIA MB2 bootloader where a potential heap overflow could lead to denial of service or escalation of privileges. Affected component: NVIDIA MB2 bootloader used in Jetson devices. Root cause: heap overflow in the bootloader parsing/handling code (MB2) as desc...

6.7CVSS7AI score0.00212EPSS
CVE
CVE
added 2023/06/23 5:23 p.m.60 views

CVE-2023-25520

Consolidated data confirms CVE-2023-25520 affects NVIDIA Jetson Linux Driver Package, specifically the nvbootctrl component. A privileged local attacker can configure invalid nvbootctrl settings, resulting in a denial of service. Remediation is to update Jetson Linux to the patched release (as pe...

5.5CVSS5.6AI score0.00171EPSS
CVE
CVE
added 2021/06/30 10:24 a.m.59 views

CVE-2021-34382

CVE-2021-34382 affects NVIDIA Trusty TLK kernel’s tz_map_shared_mem, where an integer overflow in the size parameter causes the request and logging buffers to overflow, allowing writes to arbitrary kernel addresses. Affected products in the NVIDIA Jetson line include Jetson AGX Xavier, Jetson Xav...

7.8CVSS7.8AI score0.00204EPSS
CVE
CVE
added 2021/06/30 10:24 a.m.55 views

CVE-2021-34380

CVE-2021-34380 refers to a vulnerability in the NVIDIA MB2 bootloader used on Jetson devices. The issue is described as a heap overflow that can corrupt heap metadata, with potential outcomes including arbitrary code execution, denial of service, and information disclosure during secure boot. Aff...

7.8CVSS8AI score0.00249EPSS
CVE
CVE
added 2026/03/31 4:22 p.m.23 views

CVE-2026-24148

Affected product: NVIDIA Jetson platforms running JetPack/JETSON Linux. The vulnerability resides in the system initialization logic, allowing an unprivileged attacker to initialize a resource with an insecure default. Consequences stated include information disclosure of encrypted data, data tam...

9.4CVSS5.9AI score0.00349EPSS
CVE
CVE
added 2026/03/31 4:23 p.m.19 views

CVE-2026-24154

Technical details about CVE-2026-24154 are not publicly available in the provided documents. Monitor for updates from NVIDIA and security advisories for affected Jetson Linux components.

7.6CVSS6AI score0.00256EPSS
CVE
CVE
added 2026/03/31 4:23 p.m.17 views

CVE-2026-24153

Technical details for CVE-2026-24153 are not publicly provided in the supplied documents; no affected products, vulnerable components, or fixes are specified. Monitor for updates from vendors and security advisories.

5.5CVSS5.9AI score0.00121EPSS