Information Disclosure Vulnerability in NVIDIA Trusted OS
CVE-2022-42269

7.9HIGH

Key Information:

Vendor: Nvidia
Status: Jetson Agx Xavier Series, Jetson Xavier Nx, Jetson Tx1, Jetson Tx2 Series, Jetson Tx2 Nx
Vendor: CVE Published:; 30 December 2022

Summary

NVIDIA Trusted OS contains a significant security flaw within its SMC call handler that arises from the failure to validate untrusted inputs. This vulnerability permits highly privileged local attackers to potentially disclose sensitive information and compromise the integrity of the system. The potential consequences may extend to affecting various components within the platform, raising concerns over the confidential data managed by the system. Addressing this issue promptly is crucial for maintaining the integrity and security of NVIDIA Trusted OS.

Affected Version(s)

Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX1, Jetson TX2 series, Jetson TX2 NX All versions prior to 32.7.2

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5417

CVSS V3.1

Score:

7.9

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 30, 2022
Vulnerability Reserved
Oct 3, 2022