SB2021062106 - Multiple vulnerabilities in several NVIDIA products
Published: June 21, 2021
Description
This security bulletin contains information about 26 vulnerabilities.
1) Integer overflow (CVE-ID: CVE-2021-34372)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow within the Trusty driver in the NVIDIA OTE protocol message parsing code. A local user can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
2) Integer overflow (CVE-ID: CVE-2021-34386)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the NVIDIA TLK kernel in the "calloc" size calculation. A local administrator can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Input validation error (CVE-ID: CVE-2021-34397)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in NVIDIA MB2. A local administrator can cause free-the-wrong-heap, leading to limited denial of service.
4) Improper access control (CVE-ID: CVE-2021-34396)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the Bootloader. A local administrator can overwrite NVIDIA MB2 code and cause a denial of service (DoS) condition.
5) Improper access control (CVE-ID: CVE-2021-34395)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in Trusty TLK. A local administrator can bypass implemented security restrictions, leading to limited information disclosure and limited denial of service.
6) Deserialization of Untrusted Data (CVE-ID: CVE-2021-34394)
CWE-ID: CWE-502 - Deserialization of Untrusted Data
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in all TAs. A local administrator can pass specially crafted data to the application and cause a denial of service condition on the target system.
7) Deserialization of Untrusted Data (CVE-ID: CVE-2021-34393)
CWE-ID: CWE-502 - Deserialization of Untrusted Data
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in TSEC TA. A local administrator can pass specially crafted data to the application and gain access to sensitive information.
8) Integer overflow (CVE-ID: CVE-2021-34392)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer overflow in the NVIDIA TLK kernel in the "tz_map_shared_mem" function. A local user can pass specially crafted data to the application, trigger an integer overflow and cause a denial of service condition on the target system.
9) Integer overflow (CVE-ID: CVE-2021-34391)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer overflow in the NVIDIA TLK kernel in the "tz_handle_trusted_app_smc" function. A local user can pass specially crafted data to the application, trigger an integer overflow and cause a denial of service condition on the target system.
10) Integer overflow (CVE-ID: CVE-2021-34390)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer overflow in the NVIDIA TLK kernel in the "tz_map_shared_mem" function. A local user can pass specially crafted data to the application, trigger an integer overflow and cause a denial of service condition on the target system.
11) Out-of-bounds read (CVE-ID: CVE-2021-34389)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the NVIDIA OTE protocol message parsing code. A local user can trigger an out-of-bounds read error and read the contents of memory on the system.
12) Heap-based buffer overflow (CVE-ID: CVE-2021-34388)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to a boundary error within the Bootloader in NVIDIA MB2. A local user can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
13) Improper access control (CVE-ID: CVE-2021-34387)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the ARM TrustZone Technology. A local administrator can gain write access to kernel code and data that is otherwise mapped read only.
14) Integer overflow (CVE-ID: CVE-2021-34385)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the NVIDIA TLK kernel. A local administrator can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
15) Heap-based buffer overflow (CVE-ID: CVE-2021-34373)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to a boundary error in the NVIDIA TLK kernel. A local administrator can pass specially crafted data to the application, trigger a heap-based buffer overflow and cause information disclosure and denial of service.
16) Heap-based buffer overflow (CVE-ID: CVE-2021-34384)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to a boundary error within the Bootloader in NVIDIA MB2. A local user can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
17) Heap-based buffer overflow (CVE-ID: CVE-2021-34383)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to a boundary error within the Bootloader in NVIDIA MB2. A local administrator can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
18) Integer overflow (CVE-ID: CVE-2021-34382)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow within the Trusty TLK in the "tz_map_shared_mem" function. A local user can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
19) Integer overflow (CVE-ID: CVE-2021-34381)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow within the Trusty TLK in the "tz_map_shared_mem" function. A local user can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
20) Heap-based buffer overflow (CVE-ID: CVE-2021-34380)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to a boundary error within the Bootloader in NVIDIA MB2. A local user can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
21) Buffer overflow (CVE-ID: CVE-2021-34379)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the HDCP service. A local administrator can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
22) Buffer overflow (CVE-ID: CVE-2021-34378)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the HDCP service TA. A local administrator can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
23) Buffer overflow (CVE-ID: CVE-2021-34377)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the HDCP service TA. A local administrator can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
24) Buffer overflow (CVE-ID: CVE-2021-34376)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the HDCP service TA. A local administrator can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
25) Stack-based buffer overflow (CVE-ID: CVE-2021-34375)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to a boundary error in all trusted applications (TAs). A local administrator can pass specially crafted data to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
26) Buffer overflow (CVE-ID: CVE-2021-34374)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in command handlers. A local administrator can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation
Install the update from the vendor's website.