Integer Overflow in NVIDIA Jetson Linux Driver Package Due to Insufficient Data Validation
CVE-2022-28197

5 MEDIUM

Key Information:

Vendor: Nvidia
CVE Published: 27 April 2022

Summary

A vulnerability exists in the NVIDIA Jetson Linux Driver Package due to insufficient validation of untrusted data in the Cboot ext4_mount function. This flaw may allow a highly privileged local attacker to exploit an integer overflow, potentially leading to serious consequences such as code execution, privilege escalation, and Denial of Service (DoS) conditions. The impact of this vulnerability can extend to other components, posing risks to confidentiality and integrity.

Affected Version(s)

Jetson AGX Xavier series, Jetson Xavier NX: all 32.x versions prior to 32.7.2

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
