#VU62606 Integer overflow in Jetson AGX Xavier series and Jetson Xavier NX


Published: 2022-04-26

Vulnerability identifier: #VU62606

Vulnerability risk: Low

CVE-ID: CVE-2022-28197

CWE-ID: CWE-190

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Jetson AGX Xavier series (Hardware solutions / Firmware)
Jetson Xavier NX (Hardware solutions / Firmware)

Vendor: NVIDIA

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an integer overflow in the Cboot ext4_mount function. A local user can trigger the integer overflow and execute arbitrary code with elevated privileges.


Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Jetson AGX Xavier series: 31.1 - 32.7.1

Jetson Xavier NX: 31.1 - 32.7.1


External links
http://nvidia.custhelp.com/app/answers/detail/a_id/5343

