Multiple vulnerabilities in NVIDIA Jetson Linux Driver Package



Published: 2022-04-26
Risk Low
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2022-28193
CVE-2022-28194
CVE-2022-28195
CVE-2022-28197
CVE-2022-28196
CWE-ID CWE-119
CWE-190
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Jetson AGX Xavier series
Hardware solutions / Firmware

Jetson Xavier NX
Hardware solutions / Firmware

Jetson TX2 series
Hardware solutions / Firmware

Jetson TX2 NX
Hardware solutions / Firmware

Vendor nVidia

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU62603

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-28193

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to a boundary error  in the Cboot module tegrabl_cbo.c. A local attacker with physical access to the system can trigger memory corruption and execute arbitrary code with elevated privileges.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson AGX Xavier series: 31.1 - 32.7.1

Jetson Xavier NX: 31.1 - 32.7.1

CPE2.3 External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5343

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Buffer overflow

EUVDB-ID: #VU62604

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-28194

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to a boundary error  in the Cboot module tegrabl_cbo.c. A local attacker with physical access to the system can trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability requires that TFTP is enabled.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson AGX Xavier series: 31.1 - 32.7.1

Jetson Xavier NX: 31.1 - 32.7.1

CPE2.3 External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5343

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Integer overflow

EUVDB-ID: #VU62605

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-28195

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow in the Cboot ext4_read_file function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson AGX Xavier series: 31.1 - 32.7.1

Jetson Xavier NX: 31.1 - 32.7.1

CPE2.3 External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5343

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Integer overflow

EUVDB-ID: #VU62606

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-28197

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow in the Cboot ext4_mount function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson AGX Xavier series: 31.1 - 32.7.1

Jetson Xavier NX: 31.1 - 32.7.1

CPE2.3 External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5343

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Buffer overflow

EUVDB-ID: #VU62607

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-28196

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the Cboot blob_decompress. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jetson Xavier NX: 31.1 - 32.7.1

Jetson TX2 series: 27.1 - 58.5

Jetson TX2 NX: 32.5.1 - 32.7.1

Jetson AGX Xavier series: 31.1 - 32.7.1

CPE2.3 External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5343

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###