Improper Initialization in Jetson AGX Xavier series and Jetson Xavier NX - CVE-2023-25518

 

Improper Initialization in Jetson AGX Xavier series and Jetson Xavier NX - CVE-2023-25518

Published: June 27, 2023


Vulnerability identifier: #VU77724
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-25518
CWE-ID: CWE-665
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: nVidia
Affected software:
Jetson AGX Xavier series
Jetson Xavier NX

Detailed vulnerability description

The vulnerability allows an attacker to escalate privileges on the system.

The vulnerability exists due to improper initialization in CBoot. An attacker with physical access to device can read and write to arbitrary memory and execute arbitrary code on the system.


How to mitigate CVE-2023-25518

Install updates from vendor's website.

Sources