CVE-2021-34386

CWE-190 — Integer Overflow3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 78.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Jetson Linux Nvidia Nvidia Jetson TX1

Timeline

PublishedJun 21

Latest updateMay 24

Description

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calloc size calculation can cause the multiplication of count and size can overflow, which might lead to heap overflows.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.3 | Impact: 5.9

Affected Packages2 packages

▶NVDnvidia/jetson_linux< 32.5.1

▶CVEListV5nvidia/nvidia_jetson_tx1All Jetson Linux versions prior to r32.5.1

🔴Vulnerability Details

GHSA

GHSA-mprf-9g5r-6vxv: Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calloc size calculation can cause the multiplication of↗2022-05-24

▶

CVEList

CVE-2021-34386: Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calloc size calculation can cause the multiplication of↗2021-06-21

▶