PT-2021-20504 · Nvidia · Nvidia Tlk

Frédéric Perriot

Published

2021-06-22

Updated

2021-09-20

CVE-2021-34391

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Trusty (affected versions not specified)

Description: The issue is related to a lack of checks in the NVIDIA TLK kernel function, allowing the exploitation of an integer overflow through a specific SMC call triggered by the user. This may lead to denial of service. The vulnerability specifically affects the tz handle trusted app smc function in the NVIDIA TLK kernel, where a lack of integer overflow checks on the req off and param ofs variables leads to memory corruption of critical kernel structures.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2021-34391

Affected Products

Nvidia Tlk

PT-2021-20504 · Nvidia · Nvidia Tlk

CVE-2021-34391

Weakness Enumeration

Related Identifiers

Affected Products

References · 7