Input validation error in nVidia products - CVE-2023-25520
Published: June 27, 2023
Vulnerability identifier: #VU77725
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-25520
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: nVidia
Affected software:
Jetson AGX Xavier series
Jetson Xavier NX
Jetson TX2 series
Jetson TX2 NX
Jetson AGX Xavier series
Jetson Xavier NX
Jetson TX2 series
Jetson TX2 NX
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in nvbootctrl within the NVIDIA Jetson Linux Driver Package. A local user can configure invalid settings and perform a denial of service (DoS) attack.
How to mitigate CVE-2023-25520
Install updates from vendor's website.