CVE-2021-1111 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Nvidia Jetson Linux

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125 — Out-of-bounds Read6 documents5 sources

Severity

6.7MEDIUMNVD

EPSS

0.5%

top 35.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Jetson Linux

Timeline

PublishedAug 11

Latest updateMay 24

Description

Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited information disclosure, limited data integrity, and denial of service across all components.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:HExploitability: 0.9 | Impact: 5.3

Affected Packages1 packages

▶NVDnvidia/jetson_linux32.1 — 32.6.1

🔴Vulnerability Details

GHSA

GHSA-f2c8-7jv5-4w26: Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which ma↗2022-05-24

▶

CVEList

CVE-2021-1111: Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which ma↗2021-08-11

▶

💥Exploits & PoCs

Exploit-DB

binutils 2.37 - Objdump Segmentation Fault↗2022-04-07

▶

Exploit-DB

HFS (HTTP File Server) 2.3.x - Remote Command Execution (3)↗2021-02-23

▶

Nuclei

XStream <1.4.18 - Server-Side Request Forgery

▶