Frédéric Perriot

Name of the Vulnerable Software and Affected Versions: Trusty TLK (affected versions not specified) Description: The issue is related to an integer overflow in the calculation of a length in the NVIDIA TLK kernel, which could lead to a heap overflow. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Trusty (affected versions not specified) Description: The issue is related to a vulnerability in command handlers where the length of input buffers is not verified. This can cause memory corruption, potentially leading to information disclosure, escalation of privileges, and denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Trusty (affected versions not specified) Description: The issue is related to a lack of randomization in the stack cookie within trusted applications, potentially leading to a stack-based buffer overflow. This could result in denial of service, escalation of privileges, and information disclosure. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Trusty (affected versions not specified) Description: The issue is related to a missing bounds checking in the HDCP service TA, specifically in command 10. This omission leads to a lack of verification for the length of an I/O buffer parameter, potentially resulting in memory corruption. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: NVIDIA MB2 (affected versions not specified) Description: The issue is related to a potential heap overflow in the NVIDIA MB2 bootloader, which could lead to corruption of the heap metadata. This might result in arbitrary code execution, denial of service, and information disclosure during secure boot. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: NVIDIA MB2 (affected versions not specified) Description: The bootloader contains a potential heap overflow vulnerability, which could cause memory corruption. This might lead to denial of service or code execution. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Trusty (affected versions not specified) Description: The issue is related to an incorrect message stream deserialization in the NVIDIA OTE protocol, present in all TAs. This allows an attacker to utilize a malicious CA run by the user, causing a buffer overflow. The buffer overflow may lead to information disclosure and data modification. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Trusty (affected versions not specified) Description: The issue is related to a lack of checks in the NVIDIA TLK kernel function, allowing the exploitation of an integer overflow through a specific SMC call triggered by the user. This may lead to denial of service. The vulnerability specifically affects the `tz handle trusted app smc` function in the NVIDIA TLK kernel, where a lack of integer overflow checks on the `req off` and `param ofs` variables leads to memory corruption of critical kernel structures. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Trusty (the trusted OS produced by NVIDIA for Jetson devices) (affected versions not specified) Description: The issue is related to a vulnerability in the NVIDIA OTE protocol message parsing code, where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap. This might result in information disclosure, escalation of privileges, and denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Trusty (affected versions not specified) Description: The issue is related to a lack of checks in the NVIDIA TLK kernel function, allowing the exploitation of an integer overflow. This can be triggered by a user through a specific SMC call, potentially leading to denial of service. The `tz map shared mem` function is specifically mentioned as being vulnerable to an integer overflow on its `size` parameter. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ARM TrustZone Technology (affected versions not specified) Description: The issue concerns access permission settings in the ARM TrustZone Technology, where a portion of the DRAM reserved for TrustZone is identity-mapped with read, write, and execute permissions. This mapping gives write access to kernel code and data that is otherwise mapped read-only. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: NVIDIA Trusty (affected versions not specified) Description: The issue is related to an incorrect bounds check in the NVIDIA OTE protocol message parsing code, present in all Trusty TAs. This can allow a local user, through a malicious client, to access memory from the heap in the TrustZone, potentially leading to information disclosure. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.