CVE-2022-21819

Description

NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components.

Related CPE's

o nvidia jetson_linux ********

h nvidia jetson_nano -*******

h nvidia jetson_nano_2gb -*******

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5321

Vendor Advisory

CvssV3 impact

Version	3.1
VectorString	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AttackVector	PHYSICAL
AttackComplexity	LOW
PrivilegesRequired	NONE
UserInteraction	NONE
Scope	CHANGED
ConfidentialityImpact	HIGH
IntegrityImpact	HIGH
AvailabilityImpact	HIGH
BaseScore	7.6
BaseSeverity	HIGH

CvssV2 impact

AccessComplexity	LOW
ConfidentialityImpact	PARTIAL
AvailabilityImpact	PARTIAL
IntegrityImpact	PARTIAL
BaseScore	4.6
VectorString	AV:L/AC:L/Au:N/C:P/I:P/A:P
Version	2.0
AccessVector	LOCAL
Authentication	NONE

Created by Yello

About Severity.io