Lucene search

NvidiaCVELIST:CVE-2022-42269

HistoryDec 30, 2022 - 12:00 a.m.

CVE-2022-42269

2022-12-3000:00:00

CWE-20

nvidia

www.cve.org

nvidia

trusted os

smc call handler

information disclosure

compromise integrity

local attacker

CVSS3

7.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

AI Score

7.4

Confidence

High

EPSS

Percentile

5.1%

JSON

NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise integrity. The scope of the impact can extend to other components.

CNA Affected

[
  {
    "vendor": "NVIDIA",
    "product": "Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX1, Jetson TX2 series, Jetson TX2 NX",
    "versions": [
      {
        "version": "All versions prior to 32.7.2",
        "status": "affected"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5417

CVSS3

7.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

AI Score

7.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-42269