CVE-2021-34387

CWE-276 — Incorrect Default Permissions3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 92.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Jetson Linux Nvidia Nvidia Jetson TX1

Timeline

PublishedJun 21

Latest updateMay 24

Description

The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is otherwise mapped read only.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.3 | Impact: 5.9

Affected Packages2 packages

▶NVDnvidia/jetson_linux< 32.5.1

▶CVEListV5nvidia/nvidia_jetson_tx1All Jetson Linux versions prior to r32.5.1

🔴Vulnerability Details

GHSA

GHSA-89wh-w7hc-jhpc: The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved↗2022-05-24

▶

CVEList

CVE-2021-34387: The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved↗2021-06-21

▶