Vulnerability Description
Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and information disclosure during secure boot.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nvidia | Jetson Linux | < 32.5.1 |
| Nvidia | Jetson Agx Xavier 16Gb | - |
| Nvidia | Jetson Agx Xavier 32Gb | - |
| Nvidia | Jetson Agx Xavier 8Gb | - |
| Nvidia | Jetson Tx2 | - |
| Nvidia | Jetson Tx2 4Gb | - |
| Nvidia | Jetson Tx2 Nx | - |
| Nvidia | Jetson Tx2I | - |
| Nvidia | Jetson Xavier Nx | - |
Related Weaknesses (CWE)
References
- https://nvidia.custhelp.com/app/answers/detail/a_id/5205Vendor Advisory
- https://nvidia.custhelp.com/app/answers/detail/a_id/5205Vendor Advisory
FAQ
What is CVE-2021-34380?
CVE-2021-34380 is a vulnerability with a CVSS score of 7.0 (HIGH). Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and inform...
How severe is CVE-2021-34380?
CVE-2021-34380 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-34380?
Check the references section above for vendor advisories and patch information. Affected products include: Nvidia Jetson Linux, Nvidia Jetson Agx Xavier 16Gb, Nvidia Jetson Agx Xavier 32Gb, Nvidia Jetson Agx Xavier 8Gb, Nvidia Jetson Tx2.