Description

NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components.

Related CPE's

o

nvidia

jetson_linux

Vulnerable

h

nvidia

jetson_nano

-

h

nvidia

jetson_nano_2gb

-

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5321

Vendor Advisory

https://www.thegoodpenguin.co.uk/blog/pcie-dma-attack-against-a-secured-jetson-nano-cve-2022-21819/

Weaknesses

[email protected]

Primary
CWE-732

[email protected]

Secondary
CWE-732

CVSS impact metrics

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

7.6 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-03-11T14:15:07.700

3 years ago

Last modified

2024-05-08T14:15:07.550

1 year ago