CVE-2021-34372— NVIDIA Jetson 输入验证错误漏洞

N/A

Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

N/A

NVIDIA Jetson 输入验证错误漏洞

Nvidia NVIDIA Jetson TX2和NVIDIA Jetson TX1都是美国英伟达（Nvidia）公司的一款嵌入式系统开发模块。 NVIDIA Jetson 存在输入验证错误漏洞，该漏洞源于Trusty（NVIDIA 为 Jetson 设备生产的可信操作系统）驱动程序在 NVIDIA OTE 协议消息解析代码中包含一个漏洞，即 malloc() 大小计算中的整数溢出导致堆上的缓冲区溢出。攻击者可利用该漏洞导致信息披露,特权升级,拒绝服务。

N/A

N/A