CVE-2021-34373 – This vulnerability in NVIDIA's Trusty trusted L... (How to Fix)

Q: What is the severity of CVE-2021-34373?

CVE-2021-34373 has a CVSS score of 7.9 (HIGH). This vulnerability in NVIDIA's Trusty trusted Linux kernel (TLK) allows heap overflows due to insufficient heap hardening. Attackers could exploit this to cause information disclosure or denial of service. Systems using NVIDIA TLK with affected versions are vulnerable.

📋 TL;DR

This vulnerability in NVIDIA's Trusty trusted Linux kernel (TLK) allows heap overflows due to insufficient heap hardening. Attackers could exploit this to cause information disclosure or denial of service. Systems using NVIDIA TLK with affected versions are vulnerable.

💻 Affected Systems

Products:

NVIDIA Trusty trusted Linux kernel (TLK)

Versions: All versions prior to the patched release

Operating Systems: Linux systems with NVIDIA TLK

Default Config Vulnerable: ⚠️ Yes

Notes: Specifically affects NVIDIA's Trusty implementation on supported platforms.

📦 What is this software?

Jetson Linux by Nvidia

View all CVEs affecting Jetson Linux →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise through privilege escalation, information disclosure of sensitive data, or persistent denial of service.

🟠

Likely Case

Information disclosure of kernel memory contents leading to further exploitation, or denial of service through system crashes.

🟢

If Mitigated

Limited impact with proper isolation and access controls, potentially only affecting the TLK environment.

🌐 Internet-Facing: LOW

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access and knowledge of heap manipulation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in NVIDIA security updates - check specific product advisories

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5205

Restart Required: Yes

Instructions:

1. Check NVIDIA security advisory for your specific product. 2. Download and apply the security update from NVIDIA. 3. Reboot the system to load the patched kernel.

🔧 Temporary Workarounds

Restrict local access

all

Limit local user access to systems running vulnerable TLK versions

🧯 If You Can't Patch

Implement strict access controls to limit who can execute code on affected systems
Monitor systems for unusual behavior or crashes that might indicate exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check TLK version against NVIDIA's security advisory for your specific product

Check Version:

Check system documentation or NVIDIA tools for TLK version information

Verify Fix Applied:

Verify the TLK version has been updated to a patched release after applying updates

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
System crash reports
Unusual memory access patterns in system logs

Network Indicators:

None - this is a local vulnerability

SIEM Query:

Search for system crash events or kernel panic messages on affected hosts

📊 Metadata

CVE ID: CVE-2021-34373

CVSS v3 Score: 7.9 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H

CWE: CWE-787

Published: June 30, 2021

Last Updated: November 21, 2024

🔗 References

https://nvidia.custhelp.com/app/answers/detail/a_id/5205 Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5205 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-34373, you might also want to check these: