CVE-2021-1108 - OpenCVE

NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Nvidia	Jetson Nano 2gb Jetson Tx2 Jetson Tx2 Nx Jetson Xavier Nx Jetson Agx Xavier Shield Experience Shield Tv Jetson Tx1 Jetson Nano Jetson Linux

Configuration 1 [-]

AND

cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:nvidia:jetson_agx_xavier:-:::::::*
	cpe:2.3:h:nvidia:jetson_nano:-:::::::*
	cpe:2.3:h:nvidia:jetson_nano_2gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx1:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx2:-:::::::*
	cpe:2.3:h:nvidia:jetson_tx2_nx:-:::::::*
	cpe:2.3:h:nvidia:jetson_xavier_nx:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:a:nvidia:shield_experience:*:*:*:*:*:*:*:*

cpe:2.3:h:nvidia:shield_tv:-:*:*:*:*:*:*:*

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5216	Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5259	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: nvidia

Published: 2021-08-11T21:33:01

Updated: 2022-01-19T16:56:12

Reserved: 2020-11-12T00:00:00

Link: CVE-2021-1108

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-08-11T22:15:08.127

Modified: 2022-07-08T18:54:58.587

Link: CVE-2021-1108

JSON object: View

Redhat Information

No data.

CWE

CWE-191

{"containers": {"cna": {"affected": [{"product": "Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX, Jetson Nano, Jetson Nano 2GB, Jetson TX1", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All Jetson Linux versions prior to r32.6.1"}]}, {"product": "Shield TV", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All Shield TV versions prior to SE 9.0"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "denial of service, partial integrity, and confidentiality loss", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-19T16:56:12", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5216"}, {"tags": ["x_refsource_MISC"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5259"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-1108", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX, Jetson Nano, Jetson Nano 2GB, Jetson TX1", "version": {"version_data": [{"version_value": "All Jetson Linux versions prior to r32.6.1"}]}}, {"product_name": "Shield TV", "version": {"version_data": [{"version_value": "All Shield TV versions prior to SE 9.0"}]}}]}, "vendor_name": "NVIDIA"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system."}]}, "impact": {"cvss": {"baseScore": 7.3, "baseSeverity": "High", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "denial of service, partial integrity, and confidentiality loss"}]}]}, "references": {"reference_data": [{"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5216", "refsource": "MISC", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5216"}, {"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5259", "refsource": "MISC", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5259"}]}}}}, "cveMetadata": {"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-1108", "datePublished": "2021-08-11T21:33:01", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2022-01-19T16:56:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E69A431-2B5A-4718-BCD2-CA2D1077641B", "versionEndExcluding": "32.6.1", "versionStartIncluding": "32.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DD3D2AA-2A9F-470D-BB0F-A7B7C2EC2490", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_nano:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B2B041F-21A8-4F0B-BBAF-7CDD8B911547", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_nano_2gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "52E153CA-BE89-4C66-8B72-8901BF592423", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*", "matchCriteriaId": "86D1FDAD-C594-43D9-9BF6-F7461177AB91", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE9D4A55-A232-4AF2-B7E9-CD58D7D17479", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:*", "matchCriteriaId": "64C3FB58-08AA-4FE4-97BE-21B254BA229F", "vulnerable": false}, {"criteria": "cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:*", "matchCriteriaId": "B0AA5976-FD71-4A53-BD4F-D342E871FEB0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:shield_experience:*:*:*:*:*:*:*:*", "matchCriteriaId": "71B40848-51B9-47D6-83D9-B45EDBA785DA", "versionEndExcluding": "9.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nvidia:shield_tv:-:*:*:*:*:*:*:*", "matchCriteriaId": "49F85C44-6B7E-4B7C-AC8D-9D5727DFA0B8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system."}, {"lang": "es", "value": "Las distribuciones del kernel de Linux de NVIDIA contienen una vulnerabilidad en FuSa Capture (VI/ISP), en la que un desbordamiento de enteros debido a la falta de comprobaci\u00f3n de entrada puede conllevar a una denegaci\u00f3n de servicio completa, una integridad parcial y una grave p\u00e9rdida de confidencialidad para todos los procesos del sistema"}], "id": "CVE-2021-1108", "lastModified": "2022-07-08T18:54:58.587", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.5, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2021-08-11T22:15:08.127", "references": [{"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5216"}, {"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5259"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-191"}], "source": "nvd@nist.gov", "type": "Primary"}]}