NVIDIA:5039
Jul 08, 2020 - 12:00 a.m.

Security Bulletin: NVIDIA Jetson AGX Xavier, TX1, TX2, and Nano L4T - July 2020

2020-07-08 00:00:00
nvidia.custhelp.com

CVSS2: 4.6 Medium (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Attack Vector: LOCAL; Attack Complexity: LOW; Authentication: NONE; Confidentiality Impact: PARTIAL; Integrity Impact: PARTIAL; Availability Impact: PARTIAL

CVSS3: 7.8 High (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Attack Vector: LOCAL; Attack Complexity: LOW; Privileges Required: LOW; User Interaction: NONE; Scope: UNCHANGED; Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH

EPSS: 0.0004 Low (Percentile: 12.7%)

NVIDIA has released a software security update for Jetson AGX Xavier, TX1, TX2, and Nano in the NVIDIA JetPack™ software development kit (SDK). The update addresses issues that may lead to escalation of privileges. To protect your system, download and install the latest NVIDIA JetPack SDK from NVIDIA DevZone. Go to NVIDIA Product Security.

Details

This section provides a summary of potential vulnerabilities and their impact that this security update addresses. Descriptions use CWE™, and base scores and vectors use CVSS v3.0 standards.

| CVE | Description | Base Score | Vector |
|---|---|---|---|
| CVE-2020-5974 | NVIDIA JetPack SDK contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges. | 8.8 | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |

The NVIDIA risk assessment is based on the maximum risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.

Security Updates

The following table lists the NVIDIA software products and versions affected, and the updated versions that include this security update.

Download and install the latest NVIDIA JetPack software from NVIDIA DevZone.

| CVEs Addressed | Software Product | Operating System | Affected Versions | Updated Versions |
|---|---|---|---|---|
| CVE-2020-5974 | Jetson TX1, TX2 series, AGX Xavier series, and Nano | Linux for Tegra | NVIDIA JetPack SDK 4.2 and 4.3 | NVIDIA JetPack SDK 4.4 |

Notes:

  • Customers who prefer to continue using NVIDIA JetPack SDK 4.2 or 4.3 can correct the permissions on the affected directories by running the following commands on the L4T host’s root file system:

chmod 755 /etc/nvidia-container-runtime/host-files-for-container.d

chmod 644 /etc/nvidia-container-runtime/host-files-for-container.d/*.csv
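
An added example, not part of NVIDIA's bulletin: a shell audit that reports whether the directory and CSV files named above already carry the modes the two chmod commands set, so the state can be checked before and after the fix. It assumes GNU `stat` (as on L4T's Ubuntu base); the function names and return codes are illustrative.

```shell
#!/bin/sh
# Added example (not NVIDIA's code). Paths and target modes come from the
# bulletin's chmod commands; function names are hypothetical.
# Assumes GNU coreutils `stat -c`.

CSV_DIR_DEFAULT=/etc/nvidia-container-runtime/host-files-for-container.d

# audit_csv_dir [DIR]
# Prints one line per finding. Returns 0 if every mode matches,
# 1 if any mode differs, 2 if DIR does not exist.
audit_csv_dir() {
    dir=${1:-$CSV_DIR_DEFAULT}
    findings=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi
    mode=$(stat -c '%a' "$dir")
    if [ "$mode" != "755" ]; then
        echo "DIR $dir mode=$mode expected=755"
        findings=$((findings + 1))
    fi
    for f in "$dir"/*.csv; do
        [ -e "$f" ] || continue   # glob matched no files
        mode=$(stat -c '%a' "$f")
        if [ "$mode" != "644" ]; then
            echo "FILE $f mode=$mode expected=644"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# fix_csv_dir [DIR]
# Applies the bulletin's two chmod commands to DIR.
fix_csv_dir() {
    dir=${1:-$CSV_DIR_DEFAULT}
    chmod 755 "$dir" && chmod 644 "$dir"/*.csv
}
```

Run `audit_csv_dir` with no argument on the L4T root file system; a non-zero return with `DIR` or `FILE` lines means the permissions still differ from the corrected values.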

Mitigations

See Security Updates for the version to install.

Acknowledgements

CVE-2020-5974: NVIDIA thanks Michael de Gans for reporting this issue.
