Main Vulnerability Database Vulnerabilities #VU105099

Unimplemented or Unsupported Feature in UI in Jetson AGX Orin Series and IGX Orin - CVE-2024-0148

Published: February 27, 2025

Vulnerability identifier: #VU105099

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Clear

CVE-ID: CVE-2024-0148

CWE-ID: CWE-447

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: nVidia

Affected software:
Jetson AGX Orin Series
IGX Orin

Detailed vulnerability description

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to unimplemented or unsupported feature in UI within the UEFI firmware RCM boot mode. An attacker with physical access can execute arbitrary code on the target system.

How to mitigate CVE-2024-0148

Install updates from vendor's website.

Sources

https://nvidia.custhelp.com/app/answers/detail/a_id/5617

Unimplemented or Unsupported Feature in UI in Jetson AGX Orin Series and IGX Orin - CVE-2024-0148

Detailed vulnerability description

How to mitigate CVE-2024-0148

Sources

Please verify you're human