CVE-2023-25518

Опубликовано: 23 июн. 2023

Источник: nvd

CVSS3: 7.1

CVSS3: 6.8

EPSS Низкий

Описание

NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity.

Ссылки

https://https://nvidia.custhelp.com/app/answers/detail/a_id/5466
Vendor Advisory
https://https://nvidia.custhelp.com/app/answers/detail/a_id/5466
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*

Версия до 32.7.4 (исключая)

Одно из

cpe:2.3:h:nvidia:jetson_agx_xavier:-:*:*:*:*:*:*:*

cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00082

Низкий

7.1 High

CVSS3

6.8 Medium

CVSS3

Дефекты

CWE-923

NVD-CWE-noinfo

Связанные уязвимости

GHSA-2rv4-2r9c-4q9r

CVSS3: 7.1

github

больше 2 лет назад

EPSS

Процентиль: 24%

0.00082

Низкий

7.1 High

CVSS3

6.8 Medium

CVSS3

Дефекты

CWE-923

NVD-CWE-noinfo