Jetson Tx1
CVE-2019-5672
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure.
AnalysisAI
NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-320. NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure. Affected products include: Nvidia Jetson Tx1, Nvidia Jetson Tx2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Jetson Tx1
View allSystems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addres
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and includ
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with eleva
NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevat
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevat
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevat
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevat
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevat
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevat
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with eleva
Same weakness CWE-320 – Key Management Errors
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today