CVE-2021-34394

MEDIUM

Nvidia Jetson Linux < 32.5.1 - Insecure Deserialization

Title source: rule

Description

Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to cause the buffer overflow, which may lead to information disclosure and data modification.

References (1)

[Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/5205

Scores

CVSS v3 4.2

EPSS 0.0011

EPSS Percentile 29.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

nvidia/jetson_linux < 32.5.1

Timeline

Published Jun 22, 2021

Tracked Since Feb 18, 2026