CVE-2021-34395

CWE-276 — Incorrect Default Permissions3 documents3 sources

Severity

4.2MEDIUM

EPSS

0.0%

top 85.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Jetson Linux Nvidia Nvidia Jetson TX1

Timeline

PublishedJun 22

Latest updateMay 24

Description

Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low risk of modifcations to data, and limited denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:LExploitability: 0.8 | Impact: 2.7

Affected Packages2 packages

▶NVDnvidia/jetson_linux< 32.5.1

▶CVEListV5nvidia/nvidia_jetson_tx1All Jetson Linux versions prior to r32.5.1

🔴Vulnerability Details

GHSA

GHSA-fm6q-cgwp-2gj4: Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local↗2022-05-24

▶

CVEList

CVE-2021-34395: Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local↗2021-06-22

▶