Lucene search

NvidiaVULNRICHMENT:CVE-2024-0108

HistoryAug 08, 2024 - 4:18 p.m.

CVE-2024-0108

2024-08-0816:18:27

CWE-755

nvidia

github.com

nvidia

jetson

linux

nvgpu

vulnerability

gpu

mmu

mapping code

denial of service

code execution

escalation of privileges

CVSS3

8.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

AI Score

7.6

Confidence

High

EPSS

Percentile

9.5%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping attempt. A successful exploit of this vulnerability may lead to denial of service, code execution, and escalation of privileges.

CNA Affected

[
  {
    "vendor": "NVIDIA",
    "product": "NVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX, Jetson TX1, Jetson Nano series",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to and including 32.7.4"
      }
    ],
    "platforms": [
      "Jetson Linux"
    ],
    "defaultStatus": "unaffected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:nvidia:jetson_agx_xavier:*:*:*:*:*:*:*:*"
    ],
    "vendor": "nvidia",
    "product": "jetson_agx_xavier",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "32.7.4"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:*"
    ],
    "vendor": "nvidia",
    "product": "jetson_xavier_nx",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "32.7.4"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*"
    ],
    "vendor": "nvidia",
    "product": "jetson_tx2",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "32.7.4"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:*"
    ],
    "vendor": "nvidia",
    "product": "jetson_tx2_nx",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "32.7.4"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*"
    ],
    "vendor": "nvidia",
    "product": "jetson_tx1",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "32.7.4"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:h:nvidia:jetson_nano:-:*:*:*:*:*:*:*"
    ],
    "vendor": "nvidia",
    "product": "jetson_nano",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "32.7.4"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5555

CVSS3

8.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

AI Score

7.6

Confidence

High

EPSS

Percentile

9.5%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-0108