Code Execution Vulnerability in NVIDIA Jetson Linux and IGX OS
CVE-2024-0148

7.6HIGH

Key Information:

Vendor: Nvidia
Status: Igx Orin; Jetson Agx Orin Series
Vendor: CVE Published:; 25 February 2025

What is CVE-2024-0148?

NVIDIA Jetson Linux and IGX OS contain a vulnerability in the UEFI firmware during the RCM boot mode. This issue allows an unprivileged attacker with physical access to the device to load untrusted code, which can result in multiple severe impacts, including unauthorized code execution, privilege escalation, data tampering, and potential denial of service or information disclosure. The consequences may also extend to other system components, making it imperative to address this vulnerability promptly.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

IGX Orin IGX OS All versions prior to IGX 1.1

Jetson AGX Orin Series Jetson Linux All versions prior to 36.4.3

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5617

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 25, 2025
Vulnerability Reserved
Dec 2, 2023

JSON

Nvidia

What is CVE-2024-0148?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.