Lucene search

NvidiaCVELIST:CVE-2022-28195

HistoryApr 27, 2022 - 5:57 p.m.

CVE-2022-28195

2022-04-2717:57:35

CWE-20

nvidia

www.cve.org

nvidia

jetson

linux

driver package

vulnerability

cboot function

integer overflow

code execution

escalation of privileges

denial of service

confidentiality

integrity

local attacker

validation

untrusted data.

CVSS3

5.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

AI Score

6.5

Confidence

High

EPSS

Percentile

9.6%

JSON

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components.

CNA Affected

[
  {
    "product": "Jetson AGX Xavier series, Jetson Xavier NX",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All 32.x versions prior to 32.7.2"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5343