Improper Initialization in Jetson AGX Xavier series and Jetson Xavier NX - CVE-2023-25518
Published: June 27, 2023
Vulnerability identifier: #VU77724
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-25518
CWE-ID: CWE-665
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: nVidia
Affected software:
Jetson AGX Xavier series
Jetson Xavier NX
Jetson AGX Xavier series
Jetson Xavier NX
Detailed vulnerability description
The vulnerability allows an attacker to escalate privileges on the system.
The vulnerability exists due to improper initialization in CBoot. An attacker with physical access to device can read and write to arbitrary memory and execute arbitrary code on the system.
How to mitigate CVE-2023-25518
Install updates from vendor's website.