Lucene search

NvidiaCVELIST:CVE-2022-28196

HistoryApr 27, 2022 - 5:57 p.m.

CVE-2022-28196

2022-04-2717:57:44

CWE-20

nvidia

www.cve.org

4.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and limited denial of service. The scope of impact can extend to other components.

CNA Affected

[
  {
    "product": "Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 NX, Jetson TX2 series",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All 32.x versions prior to 32.7.2"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5343

4.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-28196