First published: Wed Jun 30 2021(Updated: )
Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and information disclosure during secure boot.
Credit: psirt@nvidia.com
Affected Software | Affected Version | How to fix |
---|---|---|
NVIDIA Jetson Linux | <32.5.1 | |
Nvidia Jetson Agx Xavier 16gb | ||
Nvidia Jetson Agx Xavier 32gb | ||
Nvidia Jetson Agx Xavier 8gb | ||
NVIDIA Jetson TX2 | ||
Nvidia Jetson Tx2 4gb | ||
Nvidia Jetson Tx2 Nx | ||
Nvidia Jetson Tx2i | ||
Nvidia Jetson Xavier Nx |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this bootloader vulnerability is CVE-2021-34380.
The affected software for this vulnerability is NVIDIA Jetson Linux up to version 32.5.1.
The severity of CVE-2021-34380 is high with a severity value of 7.8.
The vulnerability in NVIDIA MB2 can be exploited through a potential heap overflow, leading to arbitrary code execution, denial of service, and information disclosure during secure boot.
To fix CVE-2021-34380, it is recommended to update to a version of NVIDIA Jetson Linux that is higher than 32.5.1.