Memory Buffer Overflow in NVIDIA Jetson Linux Driver Package Cboot Module
CVE-2022-28194

7.3HIGH

Key Information:

Vendor: Nvidia
Status: Jetson Agx Xavier Series, Jetson Xavier Nx
Vendor: CVE Published:; 27 April 2022

What is CVE-2022-28194?

The NVIDIA Jetson Linux Driver Package has a security flaw in its Cboot module (tegrabl_cbo.c). When TFTP is enabled, a local attacker with elevated privileges can exploit this vulnerability to trigger a memory buffer overflow. This could lead to unauthorized code execution, compromising system integrity, resulting in a limited denial of service, and potentially affecting data confidentiality.

Affected Version(s)

Jetson AGX Xavier series, Jetson Xavier NX All 32.x versions prior to 32.7.2

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5343

x_refsource_MISC

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 27, 2022
Vulnerability Reserved
Mar 30, 2022

Nvidia

What is CVE-2022-28194?

Affected Version(s)

References

CVSS V3.1

Timeline