Description
Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to cause the buffer overflow, which may lead to information disclosure and data modification.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- NVIDIA / NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NXAll Jetson Linux versions prior to r32.5.1 – All Jetson Linux versions prior to r32.5.1