Integer Overflow Vulnerability in NVIDIA Jetson Linux Driver Package
CVE-2022-28195

5.7 MEDIUM

Key Information:

Vendor: Nvidia
CVE Published: 27 April 2022

Summary

The NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, caused by insufficient validation of untrusted data. A local attacker with high privileges can exploit this flaw to cause an integer overflow. This may lead to unauthorized code execution, privilege escalation, limited denial of service, and impact on the confidentiality and integrity of the system. The impact can extend to other system components, so prompt remediation is important.

Affected Version(s)

Jetson AGX Xavier series, Jetson Xavier NX: all 32.x versions prior to 32.7.2

CVSS V3.1

Score: 5.7
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
