Deserialization in Nvidia Jetson_agx_xavier_16gb
CVE-2021-34394
Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to cause the buffer overflow, which may l…
Vulnerability class: Insecure Deserialization
EPSS: 0.003 (17.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.2 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H.
Affected products
- Nvidia Jetson_agx_xavier_16gb
- Nvidia Jetson_agx_xavier_32gb
- Nvidia Jetson_agx_xavier_8gb
- Nvidia Jetson_linux
- Nvidia Jetson_tx2
- Nvidia Jetson_tx2_4gb
- Nvidia Jetson_tx2i
- Nvidia Jetson_tx2_nx
- Nvidia Jetson_xavier_nx
- Nvidia Jetson Tx2 Series, Nx, Agx Xavier Nx — versions All Jetson Linux versions prior to r32.5.1
Weakness classification (CWE)
References
- psirt@nvidia.com (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2021-34394?
- CVE-2021-34394 is a medium-severity vulnerability in Nvidia Jetson_agx_xavier_16gb, classified under Deserialization of Untrusted Data. CVSS score: 4.2/10. Published 2021-06-22.
- How severe is CVE-2021-34394?
- Medium severity. CVSS v3 base score is 4.2 out of 10.