Lucene search

NvidiaCVE-2024-0108

HistoryAug 08, 2024 - 5:15 p.m.

CVE-2024-0108

2024-08-0817:15:18

CWE-755

nvidia

web.nvd.nist.gov

cve-2024-0108

nvidia jetson

vulnerability

mmu mapping

denial of service

code execution

escalation of privileges

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

9.5%

JSON

NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping attempt. A successful exploit of this vulnerability may lead to denial of service, code execution, and escalation of privileges.

Affected configurations

Nvd

Node

nvidiajetson_linuxRange<32.7.5

AND

nvidiajetson_agx_xavierMatch-

nvidiajetson_agx_xavier_16gbMatch-

nvidiajetson_agx_xavier_32gbMatch-

nvidiajetson_agx_xavier_64gbMatch-

nvidiajetson_agx_xavier_8gbMatch-

nvidiajetson_agx_xavier_industrialMatch-

nvidiajetson_nanoMatch-

nvidiajetson_nanoMatch--

nvidiajetson_nanoMatch-developer_kit

nvidiajetson_nano_2gbMatch-

nvidiajetson_tx1Match-

nvidiajetson_tx1_l4tMatch-

nvidiajetson_tx2Match-

nvidiajetson_tx2_4gbMatch-

nvidiajetson_tx2_nxMatch-

nvidiajetson_tx2iMatch-

nvidiajetson_xavier_nxMatch-

nvidiajetson_xavier_nxMatch-developer_kit

nvidiajetson_xavier_nxMatch-production

nvidiajetson_xavier_nx_16gbMatch-

VendorProductVersionCPE
nvidiajetson_linux*cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*
nvidiajetson_agx_xavier-cpe:2.3:h:nvidia:jetson_agx_xavier:-:*:*:*:*:*:*:*
nvidiajetson_agx_xavier_16gb-cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:*:*:*:*:*:*:*
nvidiajetson_agx_xavier_32gb-cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:*:*:*:*:*:*:*
nvidiajetson_agx_xavier_64gb-cpe:2.3:h:nvidia:jetson_agx_xavier_64gb:-:*:*:*:*:*:*:*
nvidiajetson_agx_xavier_8gb-cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:*:*:*:*:*:*:*
nvidiajetson_agx_xavier_industrial-cpe:2.3:h:nvidia:jetson_agx_xavier_industrial:-:*:*:*:*:*:*:*
nvidiajetson_nano-cpe:2.3:h:nvidia:jetson_nano:-:*:*:*:*:*:*:*
nvidiajetson_nano-cpe:2.3:h:nvidia:jetson_nano:-:*:-:*:*:*:*:*
nvidiajetson_nano-cpe:2.3:h:nvidia:jetson_nano:-:*:developer_kit:*:*:*:*:*

Vendor	Product	Version	CPE
nvidia	jetson_linux	*	cpe:2.3:o:nvidia:jetson_linux::::::::
nvidia	jetson_agx_xavier	-	cpe:2.3:h:nvidia:jetson_agx_xavier:-:::::::*
nvidia	jetson_agx_xavier_16gb	-	cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:::::::*
nvidia	jetson_agx_xavier_32gb	-	cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:::::::*
nvidia	jetson_agx_xavier_64gb	-	cpe:2.3:h:nvidia:jetson_agx_xavier_64gb:-:::::::*
nvidia	jetson_agx_xavier_8gb	-	cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:::::::*
nvidia	jetson_agx_xavier_industrial	-	cpe:2.3:h:nvidia:jetson_agx_xavier_industrial:-:::::::*
nvidia	jetson_nano	-	cpe:2.3:h:nvidia:jetson_nano:-:::::::*
nvidia	jetson_nano	-	cpe:2.3:h:nvidia:jetson_nano:-::-:::::
nvidia	jetson_nano	-	cpe:2.3:h:nvidia:jetson_nano:-::developer_kit:::::

Rows per page:

1-10 of 211

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Jetson Linux"
    ],
    "product": "NVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX, Jetson TX1, Jetson Nano series",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to and including 32.7.4"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5555

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

9.5%

JSON

Related for CVE-2024-0108