Lucene search

NvidiaCVELIST:CVE-2022-28193

HistoryApr 27, 2022 - 5:57 p.m.

CVE-2022-28193

2022-04-2717:57:17

CWE-20

nvidia

www.cve.org

nvidia jetson

linux

driver package

vulnerability

cboot module

memory buffer overflow

code execution

integrity

denial of service

confidentiality

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

AI Score

6.5

Confidence

High

EPSS

Percentile

5.1%

JSON

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality.

CNA Affected

[
  {
    "product": "Jetson AGX Xavier series, Jetson Xavier NX",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All 32.x versions prior to 32.7.2"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5343

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

AI Score

6.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-28193