CVE-2022-28197

Опубликовано: 27 апр. 2022

Источник: nvd

CVSS3: 5

CVSS2: 4.4

EPSS Низкий

Описание

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components.

Ссылки

https://nvidia.custhelp.com/app/answers/detail/a_id/5343
Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5343
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*

Версия до 32.7.2 (исключая)

Одно из

cpe:2.3:h:nvidia:jetson_agx_xavier:-:*:*:*:*:*:*:*

cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00062

Низкий

5 Medium

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

GHSA-qxgp-gpc4-hhg2

CVSS3: 3.9

github

почти 4 года назад

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult- to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity.

BDU:2022-03937