CVE-2021-34393 — Deserialization of Untrusted Data in Nvidia Jetson Linux

CWE-502 — Deserialization of Untrusted Data3 documents3 sources
Severity
4.4MEDIUMNVD
CNA4.2
EPSS
0.2%
top 61.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nvidia Jetson Linux
Timeline
PublishedJun 22
Latest updateMay 24

Description

Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages1 packages

â–¶NVDnvidia/jetson_linux< 32.5.1

🔴Vulnerability Details

2
GHSA
GHSA-4v94-29mp-g6pq: Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command↗2022-05-24
â–¶
CVEList
CVE-2021-34393: Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command↗2021-06-22
â–¶
CVE-2021-34393 — Deserialization of Untrusted Data | cvebase