SB2023062707 - Multiple vulnerabilities in NVIDIA Jetson

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023062707

SB2023062707 - Multiple vulnerabilities in NVIDIA Jetson

Published: June 27, 2023

Security Bulletin ID SB2023062707
Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Physical access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Improper Initialization (CVE-ID: CVE-2023-25518)

The vulnerability allows an attacker to escalate privileges on the system.

The vulnerability exists due to improper initialization in CBoot. An attacker with physical access to device can read and write to arbitrary memory and execute arbitrary code on the system.


2) Input validation error (CVE-ID: CVE-2023-25520)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in nvbootctrl within the NVIDIA Jetson Linux Driver Package. A local user can configure invalid settings and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References