Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-28195

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components.

Published

2022-04-27T18:15:08.037

Last Modified

2024-11-21T06:56:55.783

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-20
Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	nvidia	jetson_linux	< 32.7.2	Yes
Hardware	nvidia	jetson_agx_xavier	-	No
Hardware	nvidia	jetson_xavier_nx	-	No

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5343 Vendor Advisory ([email protected])
https://nvidia.custhelp.com/app/answers/detail/a_id/5343 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)