Vulnerability identifier: #VU77724
Vulnerability risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-665
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Jetson AGX Xavier series
Hardware solutions /
Firmware
Jetson Xavier NX
Hardware solutions /
Firmware
Vendor: nVidia
Description
The vulnerability allows an attacker to escalate privileges on the system.
The vulnerability exists due to improper initialization in CBoot. An attacker with physical access to device can read and write to arbitrary memory and execute arbitrary code on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Jetson AGX Xavier series: 32.1 - 32.7.3
Jetson Xavier NX: 32.1 - 32.7.3
External links
http://nvidia.custhelp.com/app/answers/detail/a_id/5466
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.