CVE-2022-21819

Description

NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components.

CvssV3 impact

Version

3.1

VectorString

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AttackVector

PHYSICAL

AttackComplexity

LOW

PrivilegesRequired

NONE

UserInteraction

NONE

Scope

CHANGED

ConfidentialityImpact

HIGH

IntegrityImpact

HIGH

AvailabilityImpact

HIGH

BaseScore

7.6

BaseSeverity

HIGH

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

PARTIAL

IntegrityImpact

PARTIAL

BaseScore

4.6

VectorString

AV:L/AC:L/Au:N/C:P/I:P/A:P

Version

2.0

AccessVector

LOCAL

Authentication

NONE