CVE-2019-5680

6.7MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvidia Jetson Tx1
Vendor: CVE Published:; 19 July 2019

Summary

In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being validated, which may lead to code execution, denial of service, or escalation of privileges.

Affected Version(s)

NVIDIA Jetson TX1 R32 versions prior to 32.2

References

https://nvidia.custhelp.com/app/answers/detail/a_id/4835

x_refsource_CONFIRM

http://www.securityfocus.com/bid/109341

vdb-entryx_refsource_BID

https://nvidia.custhelp.com/app/answers/detail/a_id/4804

x_refsource_CONFIRM

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 19, 2019
Vulnerability Reserved
Jan 7, 2019

.