fkie_cve-2021-1070
Vulnerability from fkie_nvd
Published
2021-01-26 22:15
Modified
2024-11-21 05:43
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an unprivileged user being able to modify system device tree files, leading to denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | linux_for_tegra | * | |
| nvidia | jetson_agx_xavier | - | |
| nvidia | jetson_nano | - | |
| nvidia | jetson_nano_2gb | - | |
| nvidia | jetson_tx1 | - | |
| nvidia | jetson_tx2 | - | |
| nvidia | jetson_xavier_nx | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:nvidia:linux_for_tegra:*:*:*:*:*:*:*:*", matchCriteriaId: "B53AC0D9-2453-4E98-BA1D-029C04EB720A", versionEndExcluding: "r32.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:nvidia:jetson_agx_xavier:-:*:*:*:*:*:*:*", matchCriteriaId: "5DD3D2AA-2A9F-470D-BB0F-A7B7C2EC2490", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:jetson_nano:-:*:*:*:*:*:*:*", matchCriteriaId: "2B2B041F-21A8-4F0B-BBAF-7CDD8B911547", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:jetson_nano_2gb:-:*:*:*:*:*:*:*", matchCriteriaId: "52E153CA-BE89-4C66-8B72-8901BF592423", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*", matchCriteriaId: "86D1FDAD-C594-43D9-9BF6-F7461177AB91", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*", matchCriteriaId: "DE9D4A55-A232-4AF2-B7E9-CD58D7D17479", vulnerable: false, }, { criteria: "cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:*", matchCriteriaId: "B0AA5976-FD71-4A53-BD4F-D342E871FEB0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an unprivileged user being able to modify system device tree files, leading to denial of service.", }, { lang: "es", value: "NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano y Nano 2GB, versiones L4T anteriores a 32.5, contiene una vulnerabilidad en el script apply_binaries.sh usado para instalar componentes de NVIDIA en la imagen del sistema de archivos root, en la cual un control de acceso inapropiado es aplicado, lo que puede conllevar a que un usuario no privilegiado pueda ser capaz de modificar los archivos del árbol de dispositivos del sistema, conllevando a una denegación de servicio", }, ], id: "CVE-2021-1070", lastModified: "2024-11-21T05:43:32.257", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "psirt@nvidia.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-26T22:15:12.043", references: [ { source: "psirt@nvidia.com", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5147", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5147", }, ], sourceIdentifier: "psirt@nvidia.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.