Vulnerability Description
NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an unprivileged user being able to modify system device tree files, leading to denial of service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nvidia | Linux For Tegra | < r32.5 |
| Nvidia | Jetson Agx Xavier | - |
| Nvidia | Jetson Nano | - |
| Nvidia | Jetson Nano 2Gb | - |
| Nvidia | Jetson Tx1 | - |
| Nvidia | Jetson Tx2 | - |
| Nvidia | Jetson Xavier Nx | - |
References
- https://nvidia.custhelp.com/app/answers/detail/a_id/5147Vendor Advisory
- https://nvidia.custhelp.com/app/answers/detail/a_id/5147Vendor Advisory
FAQ
What is CVE-2021-1070?
CVE-2021-1070 is a vulnerability with a CVSS score of 7.1 (HIGH). NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components i...
How severe is CVE-2021-1070?
CVE-2021-1070 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-1070?
Check the references section above for vendor advisories and patch information. Affected products include: Nvidia Linux For Tegra, Nvidia Jetson Agx Xavier, Nvidia Jetson Nano, Nvidia Jetson Nano 2Gb, Nvidia Jetson Tx1.