Memory Buffer Overflow Vulnerability in NVIDIA Jetson Linux Driver Package
CVE-2022-28193

5.6MEDIUM

Key Information:

Vendor: Nvidia
Status: Jetson Agx Xavier Series, Jetson Xavier Nx
Vendor: CVE Published:; 27 April 2022

What is CVE-2022-28193?

The NVIDIA Jetson Linux Driver Package is affected by a vulnerability in the Cboot module within the tegrabl_cbo.c file, where insufficient validation of untrusted data can lead to a memory buffer overflow. This flaw may allow a local attacker with elevated privileges to execute arbitrary code, potentially compromising system integrity and confidentiality, while also enabling limited denial of service scenarios.

Affected Version(s)

Jetson AGX Xavier series, Jetson Xavier NX All 32.x versions prior to 32.7.2

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5343

x_refsource_MISC

CVSS V3.1

Score:

5.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 27, 2022
Vulnerability Reserved
Mar 30, 2022

Nvidia

What is CVE-2022-28193?

Affected Version(s)

References

CVSS V3.1

Timeline