First published: Wed Apr 27 2022(Updated: )
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and limited denial of service. The scope of impact can extend to other components.
Credit: psirt@nvidia.com
Affected Software | Affected Version | How to fix |
---|---|---|
NVIDIA Jetson Linux | <32.7.2 | |
NVIDIA Jetson AGX Xavier | ||
NVIDIA Jetson TX2 | ||
Nvidia Jetson Tx2 Nx | ||
Nvidia Jetson Xavier Nx |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-28196.
The severity of CVE-2022-28196 is medium with a CVSS score of 4.6.
The affected software is NVIDIA Jetson Linux Driver Package version up to 32.7.2.
A local attacker with elevated privileges can exploit CVE-2022-28196 by causing a memory buffer overflow, leading to code execution and potential loss of integrity.
No, NVIDIA Jetson AGX Xavier is not affected by CVE-2022-28196.