CVE Published: 18/01/2022 |
CVE Updated: 04/08/2024 |
CVE Year: 2021 Source: nvidia |
Vendor: NVIDIA |
Product: SHIELD TV Status : PUBLISHED
CVE-2021-34402 Description
NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileges might be able to read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service, Information disclosure, loss of Integrity, or possible escalation of privileges.
Metrics
CVSS Version: 3.1 |
Base Score: 6.7 MEDIUM Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
l➤ Exploitability Metrics: Attack Vector (AV)* LOCAL Attack Complexity (AC)* LOW Privileges Required (PR)* HIGH User Interaction (UI)* NONE Scope (S)* UNCHANGED
l➤ Impact Metrics: Confidentiality Impact (C)* HIGH Integrity Impact (I)* HIGH Availability Impact (A)* HIGH
Weakness Enumeration (CWE)
CWE-ID: CWE-284 CWE Name: CWE-284 - Improper Restriction of Operations within the Bounds of a Memory Buffer Source: NVIDIA
Common Attack Pattern Enumeration and Classification (CAPEC)