CVE-2021-34402 — Improper Access Control in Nvidia Shield Experience

CWE-284 — Improper Access Control CWE-125 — Out-of-bounds Read CWE-787 — Out-of-bounds Write CWE-120 — Classic Buffer Overflow CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

6.7MEDIUMNVD

EPSS

0.1%

top 84.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Shield Experience Nvidia Shield TV

Timeline

PublishedJan 18

Latest updateJan 19

Description

NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileges might be able to read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service, Information disclosure, loss of Integrity, or possible escalation of privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶NVDnvidia/shield_experience< 9.0

▶CVEListV5nvidia/shield_tvAll versions prior to SE 9.0

🔴Vulnerability Details

GHSA

GHSA-983j-gj2g-5xg2: NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileges might be able to read from or write to a memory↗2022-01-19

▶

CVEList

CVE-2021-34402: NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileges might be able to read from or write to a memory↗2022-01-18

▶

📋Vendor Advisories

Red Hat

kernel: NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC↗2022-01-18

▶