CVE-2021-34394

CWE-502Deserialization of Untrusted Data3 documents3 sources
Severity
6.7MEDIUM
EPSS
0.1%
top 70.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nvidia Jetson Linux
Timeline
PublishedJun 22
Latest updateMay 24

Description

Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to cause the buffer overflow, which may lead to information disclosure and data modification.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:HExploitability: 0.6 | Impact: 3.6

Affected Packages1 packages

NVDnvidia/jetson_linux< 32.5.1

🔴Vulnerability Details

2
GHSA
GHSA-chcf-c8w2-7x53: Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with multiple occurrences of the same parameter2022-05-24
CVEList
CVE-2021-34394: Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs2021-06-22
CVE-2021-34394 (MEDIUM CVSS 6.7) | Trusty contains a vulnerability in | cvebase.io