CVE-2021-34397 - Vulnerability Details

Vendors	Products
Nvidia	Jetson Agx Xavier 16gb Jetson Agx Xavier 32gb Jetson Agx Xavier 8gb Jetson Linux Jetson Tx2 Jetson Tx2 4gb Jetson Tx2 Nx Jetson Tx2i Jetson Xavier Nx

Link	Providers
https://nvidia.custhelp.com/app/answers/detail/a_id/5205

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All Jetson Linux versions prior to r32.5.1"}]}], "descriptions": [{"lang": "en", "value": "Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "denial of service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-22T21:25:33", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-34397", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX", "version": {"version_data": [{"version_value": "All Jetson Linux versions prior to r32.5.1"}]}}]}, "vendor_name": "NVIDIA"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "denial of service"}]}]}, "references": {"reference_data": [{"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:12:49.915Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"}]}]}, "cveMetadata": {"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-34397", "datePublished": "2021-06-22T21:25:33", "dateReserved": "2021-06-09T00:00:00", "dateUpdated": "2024-08-04T00:12:49.915Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX (string)

vendor : NVIDIA (string)

versions : [ »

0 : { »

status : affected (string)

version : All Jetson Linux versions prior to r32.5.1 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : LOW (string)

baseScore : 1.9 (number)

baseSeverity : LOW (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L (string)

version : 3.1 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : denial of service (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-06-22T21:25:33 (string)

orgId : 9576f279-3576-44b5-a4af-b9a8644b2de6 (string)

shortName : nvidia (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5205 (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

x_generator : { »

engine : Vulnogram 0.0.9 (string)

}

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@nvidia.com (string)

ID : CVE-2021-34397 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX (string)

version : { »

version_data : [ »

0 : { »

version_value : All Jetson Linux versions prior to r32.5.1 (string)

}

]

}

]

}

vendor_name : NVIDIA (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service. (string)

}

]

}

generator : { »

engine : Vulnogram 0.0.9 (string)

}

impact : { »

cvss : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : LOW (string)

baseScore : 1.9 (number)

baseSeverity : LOW (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : denial of service (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://nvidia.custhelp.com/app/answers/detail/a_id/5205 (string)

refsource : CONFIRM (string)

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5205 (string)

}

]

}

source : { »

discovery : UNKNOWN (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T00:12:49.915Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5205 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9576f279-3576-44b5-a4af-b9a8644b2de6 (string)

assignerShortName : nvidia (string)

cveId : CVE-2021-34397 (string)

datePublished : 2021-06-22T21:25:33 (string)

dateReserved : 2021-06-09T00:00:00 (string)

dateUpdated : 2024-08-04T00:12:49.915Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8941F71-0292-414E-AEA5-DD55EA3C2009", "versionEndExcluding": "32.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0E081CB-B6EC-42DC-BA04-BCA13C17D190", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F92D471-8E65-41FC-A5DE-255136F6F989", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "E29459F7-997A-4B87-9164-6E3B5158ADC3", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE9D4A55-A232-4AF2-B7E9-CD58D7D17479", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx2_4gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "71994F94-5279-4107-99F5-48990AE0C686", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:*", "matchCriteriaId": "64C3FB58-08AA-4FE4-97BE-21B254BA229F", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx2i:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DF55ABB-1B4F-452E-9D84-C01A638F88A0", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:developer_kit:*:*:*:*:*", "matchCriteriaId": "3E54B955-F0E2-44BD-9B8C-3C788BBCF2A9", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:production:*:*:*:*:*", "matchCriteriaId": "3E0C93C3-26F6-48E4-BADA-4DB05A7BA9D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service."}, {"lang": "es", "value": "El cargador de arranque contiene una vulnerabilidad en NVIDIA MB2, que puede causar un fallo de tipo free-the-wrong-heap, lo que podr\u00eda conllevar a una denegaci\u00f3n de servicio limitada"}], "id": "CVE-2021-34397", "lastModified": "2024-11-21T06:10:18.840", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 1.4, "source": "psirt@nvidia.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-22T22:15:09.457", "references": [{"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E8941F71-0292-414E-AEA5-DD55EA3C2009 (string)

versionEndExcluding : 32.5.1 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:*:*:*:*:*:*:* (string)

matchCriteriaId : E0E081CB-B6EC-42DC-BA04-BCA13C17D190 (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 4F92D471-8E65-41FC-A5DE-255136F6F989 (string)

vulnerable : false (boolean)

}

2 : { »

criteria : cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:*:*:*:*:*:*:* (string)

matchCriteriaId : E29459F7-997A-4B87-9164-6E3B5158ADC3 (string)

vulnerable : false (boolean)

}

3 : { »

criteria : cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:* (string)

matchCriteriaId : DE9D4A55-A232-4AF2-B7E9-CD58D7D17479 (string)

vulnerable : false (boolean)

}

4 : { »

criteria : cpe:2.3:h:nvidia:jetson_tx2_4gb:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 71994F94-5279-4107-99F5-48990AE0C686 (string)

vulnerable : false (boolean)

}

5 : { »

criteria : cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 64C3FB58-08AA-4FE4-97BE-21B254BA229F (string)

vulnerable : false (boolean)

}

6 : { »

criteria : cpe:2.3:h:nvidia:jetson_tx2i:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 5DF55ABB-1B4F-452E-9D84-C01A638F88A0 (string)

vulnerable : false (boolean)

}

7 : { »

criteria : cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:developer_kit:*:*:*:*:* (string)

matchCriteriaId : 3E54B955-F0E2-44BD-9B8C-3C788BBCF2A9 (string)

vulnerable : false (boolean)

}

8 : { »

criteria : cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:production:*:*:*:*:* (string)

matchCriteriaId : 3E0C93C3-26F6-48E4-BADA-4DB05A7BA9D1 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service. (string)

}

1 : { »

lang : es (string)

value : El cargador de arranque contiene una vulnerabilidad en NVIDIA MB2, que puede causar un fallo de tipo free-the-wrong-heap, lo que podría conllevar a una denegación de servicio limitada (string)

}

]

id : CVE-2021-34397 (string)

lastModified : 2024-11-21T06:10:18.840 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 2.1 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:L/AC:L/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : LOW (string)

baseScore : 1.9 (number)

baseSeverity : LOW (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L (string)

version : 3.1 (string)

}

exploitabilityScore : 0.5 (number)

impactScore : 1.4 (number)

source : psirt@nvidia.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : LOW (string)

baseScore : 2.3 (number)

baseSeverity : LOW (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L (string)

version : 3.1 (string)

}

exploitabilityScore : 0.8 (number)

impactScore : 1.4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-06-22T22:15:09.457 (string)

references : [ »

0 : { »

source : psirt@nvidia.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5205 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5205 (string)

}

]

sourceIdentifier : psirt@nvidia.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-787 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object