Nvidia Jetson Tx1 vulnerabilities

CVE-2021-34382 [MEDIUM] CWE-190 CVE-2021-34382: Trusty TLK contains a vulnerability in the NVIDIA TLK kernel’s tz_map_shared_mem function where an i Trusty TLK contains a vulnerability in the NVIDIA TLK kernel’s tz_map_shared_mem function where an integer overflow on the size parameter causes the request buffer and the logging buffer to overflow, allowing writes to arbitrary addresses within the kernel.

CVE-2021-34381 [MEDIUM] CWE-190 CVE-2021-34381: Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function, which might lead to denial of service, information disclosure, or data tampering.

CVE-2021-34373 [HIGH] CWE-787 CVE-2021-34373: Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVIDIA TLK kernel where a lack of Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVIDIA TLK kernel where a lack of heap hardening could cause heap overflows, which might lead to information disclosure and denial of service.

CVE-2021-34385 [MEDIUM] CWE-190 CVE-2021-34385: Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calcul Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calculation of a length could lead to a heap overflow.

CVE-2021-34391 [MEDIUM] CWE-190 CVE-2021-34391: Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow through a specific SMC call that is triggered by the user, which may lead to denial of service.

CVE-2021-34395 [LOW] CWE-276 CVE-2021-34395: Trusty TLK contains a vulnerability in its access permission settings where it does not properly res Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low risk of modifcations to data, and limited denial of service.

CVE-2021-34390 [MEDIUM] CWE-190 CVE-2021-34390: Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow through a specific SMC call that is triggered by the user, which may lead to denial of service.

CVE-2021-34392 [MEDIUM] CWE-190 CVE-2021-34392: Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service.

CVE-2021-34387 [MEDIUM] CWE-276 CVE-2021-34387: The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permissi The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is otherwise mapped read only.

CVE-2021-34386 [MEDIUM] CWE-190 CVE-2021-34386: Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calloc Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calloc size calculation can cause the multiplication of count and size can overflow, which might lead to heap overflows.

CVE-2019-5680 [MEDIUM] CWE-20 CVE-2019-5680: In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerabilit In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being validated, which may lead to code execution, denial of service, or escalation of privileges.