Rewterz Threat Advisory – Multiple NVIDIA Jetson Chipsets Vulnerabilities

Rewterz Threat Alert – MuddyWater – Active IOCs

June 23, 2021

Rewterz Threat Alert – Remcos RAT – Active IOCs

June 23, 2021

Rewterz Threat Advisory – Multiple NVIDIA Jetson Chipsets Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-34372

Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service.

CVE-2021-34397

Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to a limited denial of service.

Impact

Denial of Service
Information Disclosure

Affected Vendors

NVIDIA

Affected Products

Jetson

Remediation

Refer to vendor’s advisory for the list of upgraded patches.

https://nvidia.custhelp.com/app/answers/detail/a_id/5205/~/security-bulletin%3A-nvidia-jetson-agx-xavier-series%2C-jetson-xavier-nx%2C-jetson

Rewterz Threat Alert – MuddyWater – Active IOCs

Rewterz Threat Alert – Remcos RAT – Active IOCs

Rewterz Threat Advisory – Multiple NVIDIA Jetson Chipsets Vulnerabilities

Severity

Analysis Summary

CVE-2021-34372

CVE-2021-34397

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan