CVE-2021-34380 - OpenCVE

Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and information disclosure during secure boot.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nvidia	Jetson Agx Xavier 16gb Jetson Agx Xavier 32gb Jetson Agx Xavier 8gb Jetson Linux Jetson Tx2 Jetson Tx2 4gb Jetson Tx2 Nx Jetson Tx2i Jetson Xavier Nx

Configuration 1 [-]

AND

cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx2:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx2_4gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx2_nx:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx2i:-:::::::*
	cpe:2.3:h:nvidia:jetson_xavier_nx:-:::::::*

No data.

References

Link	Providers
https://nvidia.custhelp.com/app/answers/detail/a_id/5205

History

No history.

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2021-06-30T10:24:34

Updated: 2024-08-04T00:12:50.375Z

Reserved: 2021-06-09T00:00:00

Link: CVE-2021-34380

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-06-30T11:15:08.617

Modified: 2021-07-06T15:23:31.953

Link: CVE-2021-34380

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "NVIDIA Jetson TX1, TX2 series, TX2 NX, AGX Xavier series, Xavier NX, Nano and Nano 2GB", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All Jetson Linux versions prior to r32.5.1"}]}], "descriptions": [{"lang": "en", "value": "Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and information disclosure during secure boot."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "information disclosure, escalation of privileges, denial of service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-30T10:24:34", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-34380", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NVIDIA Jetson TX1, TX2 series, TX2 NX, AGX Xavier series, Xavier NX, Nano and Nano 2GB", "version": {"version_data": [{"version_value": "All Jetson Linux versions prior to r32.5.1"}]}}]}, "vendor_name": "NVIDIA"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and information disclosure during secure boot."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "information disclosure, escalation of privileges, denial of service"}]}]}, "references": {"reference_data": [{"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:12:50.375Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"}]}]}, "cveMetadata": {"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-34380", "datePublished": "2021-06-30T10:24:34", "dateReserved": "2021-06-09T00:00:00", "dateUpdated": "2024-08-04T00:12:50.375Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8941F71-0292-414E-AEA5-DD55EA3C2009", "versionEndExcluding": "32.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0E081CB-B6EC-42DC-BA04-BCA13C17D190", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F92D471-8E65-41FC-A5DE-255136F6F989", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "E29459F7-997A-4B87-9164-6E3B5158ADC3", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE9D4A55-A232-4AF2-B7E9-CD58D7D17479", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx2_4gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "71994F94-5279-4107-99F5-48990AE0C686", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:*", "matchCriteriaId": "64C3FB58-08AA-4FE4-97BE-21B254BA229F", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx2i:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DF55ABB-1B4F-452E-9D84-C01A638F88A0", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:*", "matchCriteriaId": "B0AA5976-FD71-4A53-BD4F-D342E871FEB0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and information disclosure during secure boot."}, {"lang": "es", "value": "El cargador de arranque contiene una vulnerabilidad en NVIDIA MB2 en la que un posible desbordamiento de la pila podr\u00eda causar una corrupci\u00f3n de los metadatos de la pila, lo que podr\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria, denegaci\u00f3n de servicio y una divulgaci\u00f3n de informaci\u00f3n durante el arranque seguro"}], "id": "CVE-2021-34380", "lastModified": "2021-07-06T15:23:31.953", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2021-06-30T11:15:08.617", "references": [{"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}