CVE-2020-5974

7.8HIGH

Key Information:

Vendor
Nvidia
Status
Nvidia Jetson Agx Xavier, Tx1, Tx2, And Nano L4t
Vendor
CVE Published:
8 July 2020

Summary

NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges.

Affected Version(s)

NVIDIA Jetson AGX Xavier, TX1, TX2, and Nano L4T JetPack SDK 4.2, 4.3

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5039
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.