CVE-2021-34374 - OpenCVE

Trusty contains a vulnerability in command handlers where the length of input buffers is not verified. This vulnerability can cause memory corruption, which may lead to information disclosure, escalation of privileges, and denial of service.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nvidia	Jetson Agx Xavier 16gb Jetson Agx Xavier 32gb Jetson Agx Xavier 8gb Jetson Linux Jetson Tx2 Jetson Tx2 4gb Jetson Tx2 Nx Jetson Tx2i Jetson Xavier Nx

Configuration 1 [-]

AND

cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx2:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx2_4gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx2_nx:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx2i:-:::::::*
	cpe:2.3:h:nvidia:jetson_xavier_nx:-:::::::*

No data.

References

Link	Providers
https://nvidia.custhelp.com/app/answers/detail/a_id/5205

History

No history.

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2021-06-30T10:24:28

Updated: 2024-08-04T00:12:48.697Z

Reserved: 2021-06-09T00:00:00

Link: CVE-2021-34374

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-06-30T11:15:08.277

Modified: 2021-07-06T15:18:10.113

Link: CVE-2021-34374

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "NVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All Jetson Linux versions prior to r32.5.1"}]}], "descriptions": [{"lang": "en", "value": "Trusty contains a vulnerability in command handlers where the length of input buffers is not verified. This vulnerability can cause memory corruption, which may lead to information disclosure, escalation of privileges, and denial of service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "information disclosure, escalation of privileges, denial of service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-30T10:24:28", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-34374", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX", "version": {"version_data": [{"version_value": "All Jetson Linux versions prior to r32.5.1"}]}}]}, "vendor_name": "NVIDIA"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Trusty contains a vulnerability in command handlers where the length of input buffers is not verified. This vulnerability can cause memory corruption, which may lead to information disclosure, escalation of privileges, and denial of service."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "information disclosure, escalation of privileges, denial of service"}]}]}, "references": {"reference_data": [{"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:12:48.697Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"}]}]}, "cveMetadata": {"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-34374", "datePublished": "2021-06-30T10:24:28", "dateReserved": "2021-06-09T00:00:00", "dateUpdated": "2024-08-04T00:12:48.697Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8941F71-0292-414E-AEA5-DD55EA3C2009", "versionEndExcluding": "32.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0E081CB-B6EC-42DC-BA04-BCA13C17D190", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F92D471-8E65-41FC-A5DE-255136F6F989", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "E29459F7-997A-4B87-9164-6E3B5158ADC3", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE9D4A55-A232-4AF2-B7E9-CD58D7D17479", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx2_4gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "71994F94-5279-4107-99F5-48990AE0C686", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:*", "matchCriteriaId": "64C3FB58-08AA-4FE4-97BE-21B254BA229F", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx2i:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DF55ABB-1B4F-452E-9D84-C01A638F88A0", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:*", "matchCriteriaId": "B0AA5976-FD71-4A53-BD4F-D342E871FEB0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Trusty contains a vulnerability in command handlers where the length of input buffers is not verified. This vulnerability can cause memory corruption, which may lead to information disclosure, escalation of privileges, and denial of service."}, {"lang": "es", "value": "Trusty contiene una vulnerabilidad en los manejadores de comandos donde la longitud de los b\u00faferes de entrada no es verificada. Esta vulnerabilidad puede causar una corrupci\u00f3n de la memoria, lo que puede conllevar a una divulgaci\u00f3n de informaci\u00f3n, escalada de privilegios y una denegaci\u00f3n de servicio"}], "id": "CVE-2021-34374", "lastModified": "2021-07-06T15:18:10.113", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2021-06-30T11:15:08.277", "references": [{"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}