CVE-2021-1107 — Improper Authentication in Nvidia Jetson Linux

CWE-287 — Improper Authentication CWE-863 — Incorrect Authorization4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 71.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Jetson Linux Nvidia Shield Experience Nvidia Shield TV

Timeline

PublishedAug 11

Latest updateMay 24

Description

NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDnvidia/jetson_linux32.1 — 32.6.1

▶NVDnvidia/shield_experience< 9.0

▶CVEListV5nvidia/shield_tvAll Shield TV versions prior to SE 9.0

🔴Vulnerability Details

GHSA

GHSA-p5vv-wvgc-88qh: NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution,↗2022-05-24

▶

CVEList

CVE-2021-1107: NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution,↗2021-08-11

▶

💥Exploits & PoCs

Nuclei

Control Web Panel (CWP) - File Inclusion

▶