Buffer overflow in Nvidia Jetson_agx_xavier_16gb
CVE-2021-34380
Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and information disclosure during secure boot.
Vulnerability class: Buffer Overflow
EPSS: 0.002 (16.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.0 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Nvidia Jetson_agx_xavier_16gb
- Nvidia Jetson_agx_xavier_32gb
- Nvidia Jetson_agx_xavier_8gb
- Nvidia Jetson_linux
- Nvidia Jetson_tx2
- Nvidia Jetson_tx2_4gb
- Nvidia Jetson_tx2i
- Nvidia Jetson_tx2_nx
- Nvidia Jetson_xavier_nx
- Nvidia Jetson Tx1, Tx2 Series, Nx, Agx Xavier Nano And 2gb — versions All Jetson Linux versions prior to r32.5.1
Weakness classification (CWE)
References
- psirt@nvidia.com (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2021-34380?
- CVE-2021-34380 is a high-severity vulnerability in Nvidia Jetson_agx_xavier_16gb, classified under Out-of-bounds Write. CVSS score: 7.0/10. Published 2021-06-30.
- How severe is CVE-2021-34380?
- High severity. CVSS v3 base score is 7.0 out of 10.