Memory Buffer Overflow Vulnerability in NVIDIA Jetson Linux Driver Package
CVE-2022-28196

4.6MEDIUM

Key Information:

Vendor
Nvidia
Status
Jetson Agx Xavier Series, Jetson Xavier Nx, Jetson Tx2 Nx, Jetson Tx2 Series
Vendor
CVE Published:
27 April 2022

Summary

The NVIDIA Jetson Linux Driver Package has a vulnerability in the Cboot blob_decompress function due to inadequate validation of untrusted data. This flaw allows a local attacker with elevated privileges to exploit the system, potentially causing a memory buffer overflow. Exploitation of this vulnerability can lead to unauthorized code execution, compromise system integrity, and may result in a limited denial of service. Furthermore, the implications of this vulnerability could extend to other components, emphasizing the need for immediate attention and remediation.

Affected Version(s)

Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 NX, Jetson TX2 series All 32.x versions prior to 32.7.2

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5343
x_refsource_MISC

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.