NVIDIA Jetson Linux Vulnerability Allows Denial of Service, Code Execution, and Privilege Escalation
CVE-2024-0108

8.8HIGH

Key Information:

Vendor
Nvidia
Status
Nvidia Jetson Agx Xavier Series, Jetson Xavier Nx, Jetson Tx2 Series, Jetson Tx2 Nx, Jetson Tx1, Jetson Nano Series
Vendor
CVE Published:
8 August 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

The NVIDIA Jetson Linux platform is affected by a vulnerability in the GPU Memory Management Unit (MMU) mapping process, specifically within the NvGPU error handling functions. When a mapping operation fails, the paths intended for error handling inadequately clean up the failed attempt, which could potentially be exploited by an attacker. This flaw may result in a denial of service and provide opportunities for code execution, raising serious concerns around privilege escalation and system integrity.

Affected Version(s)

NVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX, Jetson TX1, Jetson Nano series Jetson Linux All versions prior to and including 32.7.4

News Articles

favicon imageSecurityWeek

Hackers Exploit Palo Alto Firewall Vulnerability Day After Disclosure

Attempts to exploit CVE-2024-0108, an authentication bypass vulnerability in Palo Alto firewalls, started one day after disclosure. 

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5555

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by SecurityWeek

  • Vulnerability published

  • Vulnerability Reserved

.