First published: Wed Apr 27 2022
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components.
Credit: psirt@nvidia.com
Affected Software | Affected Version | How to fix |
---|---|---|
NVIDIA Jetson Linux | <32.7.2 | |
NVIDIA Jetson AGX Xavier | | |
NVIDIA Jetson Xavier NX | | |
The vulnerability in NVIDIA Jetson Linux Driver Package is in the Cboot ext4_read_file function where insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow, which may lead to code execution, escalation of privileges, and limited denial of service.
A local attacker can exploit CVE-2022-28195 by providing untrusted data to the Cboot ext4_read_file function, causing an integer overflow and potentially executing malicious code, escalating privileges, or causing a limited denial of service.
The severity of CVE-2022-28195 is medium with a CVSS score of 5.7.
The NVIDIA Jetson Linux Driver Package up to version 32.7.2 is affected by CVE-2022-28195.
No, NVIDIA Jetson AGX Xavier and Jetson Xavier NX are not affected by CVE-2022-28195.
To fix CVE-2022-28195, it is recommended to update to a version of the NVIDIA Jetson Linux Driver Package that is not affected by the vulnerability.