Vulnerability Description
Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to cause the buffer overflow, which may lead to information disclosure and data modification.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nvidia | Jetson Linux | < 32.5.1 |
| Nvidia | Jetson Agx Xavier 16Gb | - |
| Nvidia | Jetson Agx Xavier 32Gb | - |
| Nvidia | Jetson Agx Xavier 8Gb | - |
| Nvidia | Jetson Tx2 | - |
| Nvidia | Jetson Tx2 4Gb | - |
| Nvidia | Jetson Tx2 Nx | - |
| Nvidia | Jetson Tx2I | - |
| Nvidia | Jetson Xavier Nx | - |
Related Weaknesses (CWE)
References
- https://nvidia.custhelp.com/app/answers/detail/a_id/5205Vendor Advisory
- https://nvidia.custhelp.com/app/answers/detail/a_id/5205Vendor Advisory
FAQ
What is CVE-2021-34394?
CVE-2021-34394 is a vulnerability with a CVSS score of 4.2 (MEDIUM). Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to...
How severe is CVE-2021-34394?
CVE-2021-34394 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-34394?
Check the references section above for vendor advisories and patch information. Affected products include: Nvidia Jetson Linux, Nvidia Jetson Agx Xavier 16Gb, Nvidia Jetson Agx Xavier 32Gb, Nvidia Jetson Agx Xavier 8Gb, Nvidia Jetson Tx2.