Skip to main content

Jetson Linux CVE-2022-28197

MEDIUM
Integer Overflow or Wraparound (CWE-190)
2022-04-27 psirt@nvidia.com
5.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
CVE Published
Apr 27, 2022 - 18:15 nvd
MEDIUM 5.0

DescriptionNVD

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components.

AnalysisAI

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an. Rated medium severity (CVSS 5.0). No vendor patch available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components. Affected products include: Nvidia Jetson Linux.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

CVE-2024-0108 HIGH
8.8 Aug 08

NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean u

CVE-2022-42269 HIGH
7.9 Dec 30

NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a

CVE-2022-42270 HIGH
7.8 Dec 30

NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a loca

CVE-2021-1107 HIGH
7.8 Aug 11

NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access control

CVE-2021-1106 HIGH
7.8 Aug 11

NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, wh

CVE-2021-34384 HIGH
7.8 Jun 30

Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow could cause memory corruption, which m

CVE-2021-34382 HIGH
7.8 Jun 30

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel’s tz_map_shared_mem function where an integer overflow on t

CVE-2021-34381 HIGH
7.8 Jun 30

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of

CVE-2021-34380 HIGH
7.8 Jun 30

Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metad

CVE-2021-34372 HIGH
7.8 Jun 22

Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol

CVE-2021-34388 HIGH
7.8 Jun 21

Bootloader contains a vulnerability in NVIDIA TegraBoot where a potential heap overflow might allow an attacker to contr

CVE-2022-21819 HIGH
7.6 Mar 11

NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unpr

Share

CVE-2022-28197 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy