Lucene search

NvidiaCVELIST:CVE-2022-21819

HistoryMar 11, 2022 - 12:00 a.m.

CVE-2022-21819

2022-03-1100:00:00

CWE-732

nvidia

www.cve.org

nvidia

jetson linux

iommu configuration

physical access attack

pci bus

denial of service

code execution

escalation of privileges

data integrity

confidentiality

other components

CVSS3

7.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

32.7%

JSON

NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components.

CNA Affected

[
  {
    "vendor": "NVIDIA",
    "product": "Jetson Nano, Jetson Nano 2GB",
    "versions": [
      {
        "version": "All 32.x versions prior to 32.7.1",
        "status": "affected"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5321

www.thegoodpenguin.co.uk/blog/pcie-dma-attack-against-a-secured-jetson-nano-cve-2022-21819/

CVSS3

7.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

32.7%

JSON

Related for CVELIST:CVE-2022-21819