Skip to main content

Jetson Linux CVE-2022-28193

MEDIUM
Improper Input Validation (CWE-20)
2022-04-27 psirt@nvidia.com
5.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.6 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
Low

Lifecycle Timeline

1
CVE Published
Apr 27, 2022 - 18:15 nvd
MEDIUM 5.6

DescriptionNVD

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality.

AnalysisAI

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. Affected products include: Nvidia Jetson Linux.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-0108 HIGH
8.8 Aug 08

NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean u

CVE-2022-42269 HIGH
7.9 Dec 30

NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a

CVE-2022-42270 HIGH
7.8 Dec 30

NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a loca

CVE-2021-1107 HIGH
7.8 Aug 11

NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access control

CVE-2021-1106 HIGH
7.8 Aug 11

NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, wh

CVE-2021-34384 HIGH
7.8 Jun 30

Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow could cause memory corruption, which m

CVE-2021-34382 HIGH
7.8 Jun 30

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel’s tz_map_shared_mem function where an integer overflow on t

CVE-2021-34381 HIGH
7.8 Jun 30

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of

CVE-2021-34380 HIGH
7.8 Jun 30

Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metad

CVE-2021-34372 HIGH
7.8 Jun 22

Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol

CVE-2021-34388 HIGH
7.8 Jun 21

Bootloader contains a vulnerability in NVIDIA TegraBoot where a potential heap overflow might allow an attacker to contr

CVE-2022-21819 HIGH
7.6 Mar 11

NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unpr

Share

CVE-2022-28193 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy