Code Execution Vulnerability in NVIDIA Jetson Linux and IGX OS
CVE-2024-0148

7.6HIGH

Key Information:

Vendor: Nvidia
Status: Igx Orin; Jetson Agx Orin Series
Vendor: CVE Published:; 25 February 2025

What is CVE-2024-0148?

NVIDIA Jetson Linux and IGX OS contain a vulnerability in the UEFI firmware during the RCM boot mode. This issue allows an unprivileged attacker with physical access to the device to load untrusted code, which can result in multiple severe impacts, including unauthorized code execution, privilege escalation, data tampering, and potential denial of service or information disclosure. The consequences may also extend to other system components, making it imperative to address this vulnerability promptly.

Affected Version(s)

IGX Orin IGX OS All versions prior to IGX 1.1

Jetson AGX Orin Series Jetson Linux All versions prior to 36.4.3

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5617

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 25, 2025
Vulnerability Reserved
Dec 2, 2023

Nvidia

What is CVE-2024-0148?

Affected Version(s)

References

CVSS V3.1

Timeline