| Vulnerability Name: | CVE-2021-1071 (CCN-195746) |
| Assigned: | 2020-11-12 |
| Published: | 2021-01-25 |
| Updated: | 2021-02-04 |
| Summary: | NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to information disclosure.
|
| CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): None
Availibility (A): None |
5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
4.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None | | Scope: | Scope (S): Changed
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): None
Availibility (A): None |
|
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None |
3.8 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:N/A:N)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): Single_Instance
| | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): None
Availibility (A): None |
|
| Vulnerability Type: | CWE-Other
|
| Vulnerability Consequences: | Obtain Information |
| References: | Source: MITRE
Type: CNA
CVE-2021-1071
Source: XF
Type: UNKNOWN
nvidia-cve20211071-info-disc(195746)
Source: CCN
Type: NVIDIA Security Bulletin Answer ID 5147
NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB
Source: CONFIRM
Type: Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5147
|
| Vulnerable Configuration: | Configuration 1:
cpe:/o:nvidia:linux_for_tegra:*:*:*:*:*:*:*:* (Version < r32.5)AND cpe:/h:nvidia:jetson_agx_xavier:-:*:*:*:*:*:*:*OR cpe:/h:nvidia:jetson_nano:-:*:*:*:*:*:*:*OR cpe:/h:nvidia:jetson_nano_2gb:-:*:*:*:*:*:*:*OR cpe:/h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*OR cpe:/h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*OR cpe:/h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:nvidia:jetson_tx1:*:*:*:*:*:*:*:*OR cpe:/h:nvidia:jetson_agx_xavier:-:*:*:*:*:*:*:*OR cpe:/a:nvidia:jetson_tx2:*:*:*:*:*:*:*:*OR cpe:/h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:*OR cpe:/h:nvidia:jetson_nano:-:*:*:*:*:*:*:*OR cpe:/h:nvidia:jetson_nano_2gb:-:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |