Improper access control

NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead...

Nvidia Squashes High-Severity Jetson DoS Flaw

Nvidia has patched three vulnerabilities affecting its Jetson lineup, which is a series of embedded computing boards designed for machine-learning applications, in things like autonomous robots, drones and more. A successful exploit could potentially cripple any such gadgets leveraging the affect...

CVE-2021-1070

CVE-2021-1070 affects NVIDIA Jetson L4T prior to 32.5 (Jetson AGX Xavier, Xavier NX, TX1/TX2, Nano/Nano 2GB). The flaw sits in the apply_binaries.sh script used to install NVIDIA components into the root filesystem image, where improper access control may let an unprivileged user modify system de...

CVE-2021-1071

NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead...

CVE-2021-1070

NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the applybinaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an...

CVE-2021-1071

CVE-2021-1071 affects the NVIDIA Tegra kernel used in Jetson L4T before r32.5. The issue is in the INA3221 driver where improper access control may allow unauthorized users to read system power usage data, causing information disclosure. Affected devices include Jetson AGX Xavier, Jetson Xavier N...

Security Bulletin: Jetson AGX Xavier, TK1, TX1, TX2, and Nano L4T- December 2019

NVIDIA has released a software security update for Jetson AGX Xavier, TK1,TX1, TX2, and Nano in the NVIDIA® Tegra® Linux Driver Package L4T. The update addresses issues that may lead to code execution, denial of service, escalation of privileges, or information disclosure. To protect your system,...

Input validation

In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being validated, which may lead to code execution, denial of service, or escalation of privileges...

CVE-2019-5680

In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being validated, which may lead to code execution, denial of service, or escalation of privileges...

CVE-2019-5680

CVE-2019-5680 affects NVIDIA Jetson TX1 on the L4T R32 branch prior to R32.2. The vulnerability is in the Tegra bootloader (nvtboot) where the nvtboot-cpu image is loaded without validating the load address first, which may allow code execution, denial of service, or privilege escalation. Public ...

CVE-2019-5672

NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra L4T operating system on all versions prior to R28.3 where the Secure Shell SSH keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to informati...

CVE-2019-5672

CVE-2019-5672 affects NVIDIA Jetson TX1/TX2 running Linux for Tegra (L4T) prior to R28.3, where SSH keys in the sample rootfs are not replaced with unique host keys after generation/flash, potentially leading to information disclosure. The NVIDIA Security Bulletin lists updates for Jetson TX1/TX2...

Security Bulletin: NVIDIA Jetson TX1 and TX2 L4T - April 2019

NVIDIA has released software security updates for NVIDIA® Jetson™ TX1 and TX2 in the NVIDIA® Tegra® Linux Driver Package L4T. The update addresses issues that may lead to code execution, denial of service, escalation of privileges, or information disclosure. To protect your system, download...

Security Bulletin: NVIDIA Jetson TX1, Jetson TK1, Jetson TX2, and Tegra K1 L4T Security Updates for Multiple Vulnerabilities

Jetson and Tegra L4T contain vulnerabilities which may lead to denial of service, escalation of privileges, or information disclosure. Go to NVIDIA Product Security. Vulnerability Details The following sections summarize the potential vulnerabilities. Descriptions use CWE™ and risk assessments...

Security Bulletin: NVIDIA Jetson TX2 L4T Security Updates for CPU Speculative Side Channel Vulnerabilities

Jetson L4T response to CPU speculative side channel vulnerabilities - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 Bulletin Summary NVIDIA is providing an initial security update to mitigate aspects of Google Project Zero's January 3, 2018, publication of novel information disclosure attacks that...

Security Bulletin: NVIDIA Tegra Jetson L4T contains multiple vulnerabilities; updates for “BlueBorne” and “Dnsmasq”.

Vulnerability Details The following sections summarize the vulnerabilities. Descriptions use CWE™ and risk assessments follow CVSS. CVE-2016-2434 NVIDIA Tegra kernel driver contains a vulnerability in NVHOST where an attacker can write an arbitrary value to an arbitrary location, which may lead t...

Security Bulletin: Vulnerabilities in Bash affect NVIDIA Tegra Linux L4T CVE 2014-6271, CVE 2014-7169, CVE 2014-7186, CVE 2014-7187, CVE 2014-6277, CVE 2014-6278

Vulnerability Details CVE-2014-6271 GNU Bash processes trailing strings after function definitions in the values of environment variables. This processing allows remote attackers to execute arbitrary code through a crafted environment. CVSS Base Score: 10 CVSS Temporal Score: 8.3 CVSS 2 Vector:...

CVE-2014-8298

The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra L4T driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service segmentation fault...

CVE-2014-8298

The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra L4T driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service segmentation fault...

UBUNTU-CVE-2014-8298

The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra L4T driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service segmentation fault...