Description
Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- NVIDIA / NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NXAll Jetson Linux versions prior to r32.5.1 – All Jetson Linux versions prior to r32.5.1