CVE-2022-28196: Input Validation
First published: Wed Apr 27 2022(Updated: )
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and limited denial of service. The scope of impact can extend to other components.
Credit: psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NVIDIA Jetson Linux | <32.7.2 | |
| NVIDIA Jetson AGX Xavier | ||
| NVIDIA Jetson TX2 | ||
| Nvidia Jetson Tx2 Nx | ||
| Nvidia Jetson Xavier Nx |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-28196.
What is the severity of CVE-2022-28196?
The severity of CVE-2022-28196 is medium with a CVSS score of 4.6.
What is the affected software?
The affected software is NVIDIA Jetson Linux Driver Package version up to 32.7.2.
How can a local attacker exploit CVE-2022-28196?
A local attacker with elevated privileges can exploit CVE-2022-28196 by causing a memory buffer overflow, leading to code execution and potential loss of integrity.
Is NVIDIA Jetson AGX Xavier affected by CVE-2022-28196?
No, NVIDIA Jetson AGX Xavier is not affected by CVE-2022-28196.
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/nvidia
- canonical/nvidia jetson linux
- canonical/nvidia jetson agx xavier
- canonical/nvidia jetson tx2
- canonical/nvidia jetson tx2 nx
- canonical/nvidia jetson xavier nx