Memory Buffer Overflow Vulnerability in NVIDIA Jetson Linux Driver Package
CVE-2022-28196

4.6MEDIUM

Key Information:

Vendor: Nvidia
Status: Jetson Agx Xavier Series, Jetson Xavier Nx, Jetson Tx2 Nx, Jetson Tx2 Series
Vendor: CVE Published:; 27 April 2022

What is CVE-2022-28196?

The NVIDIA Jetson Linux Driver Package has a vulnerability in the Cboot blob_decompress function due to inadequate validation of untrusted data. This flaw allows a local attacker with elevated privileges to exploit the system, potentially causing a memory buffer overflow. Exploitation of this vulnerability can lead to unauthorized code execution, compromise system integrity, and may result in a limited denial of service. Furthermore, the implications of this vulnerability could extend to other components, emphasizing the need for immediate attention and remediation.

Affected Version(s)

Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 NX, Jetson TX2 series All 32.x versions prior to 32.7.2

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5343

x_refsource_MISC

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 27, 2022
Vulnerability Reserved
Mar 30, 2022

Nvidia

What is CVE-2022-28196?

Affected Version(s)

References

CVSS V3.1

Timeline