CVE-2022-28195
Summary
| CVE | CVE-2022-28195 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-27 18:15:00 UTC |
| Updated | 2022-10-14 11:20:00 UTC |
| Description | NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components. |
Risk And Classification
Problem Types: CWE-190
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Nvidia | Jetson Agx Xavier | - | All | All | All |
| Operating System | Nvidia | Jetson Linux | All | All | All | All |
| Hardware | Nvidia | Jetson Xavier Nx | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX) - April 2022 | NVIDIA | MISC | nvidia.custhelp.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.