Lucene search

NvidiaCVELIST:CVE-2022-28197

HistoryApr 27, 2022 - 5:57 p.m.

CVE-2022-28197

2022-04-2717:57:53

CWE-190

nvidia

www.cve.org

nvidia

jetson

linux

driver

package

vulnerability

cboot

ext4_mount

function

code execution

privilege escalation

integer overflow

local attacker

denial of service

confidentiality

integrity

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

AI Score

6.3

Confidence

High

EPSS

Percentile

9.6%

JSON

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components.

CNA Affected

[
  {
    "product": "Jetson AGX Xavier series, Jetson Xavier NX",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All 32.x versions prior to 32.7.2"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5343

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

AI Score

6.3

Confidence

High

EPSS

Percentile

9.6%

JSON

Related for CVELIST:CVE-2022-28197