Vulnerabilities > CVE-2022-28193 - Out-of-bounds Write vulnerability in Nvidia Jetson Linux

CVSS 5.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

HIGH

Availability impact

LOW

local

low complexity

nvidia

CWE-787

NVD

Published: 2022-04-27

Updated: 2023-06-28

Summary

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality.

Vulnerable Configurations

Part	Description	Count
OS	Nvidia Nvidia Jetson Linux - Nvidia Jetson Linux 16.5 Nvidia Jetson Linux 19.3 Nvidia Jetson Linux 21.1 Nvidia Jetson Linux 21.2 Nvidia Jetson Linux 21.3 Nvidia Jetson Linux 21.4 Nvidia Jetson Linux 21.5 Nvidia Jetson Linux 21.6 Nvidia Jetson Linux 21.7 Nvidia Jetson Linux 21.8 Nvidia Jetson Linux 23.1 Nvidia Jetson Linux 23.2 Nvidia Jetson Linux 24.1 Nvidia Jetson Linux 24.2 Nvidia Jetson Linux 24.2.1 Nvidia Jetson Linux 24.2.2 Nvidia Jetson Linux 24.2.3 Nvidia Jetson Linux 27.1 Nvidia Jetson Linux 28.1 Nvidia Jetson Linux 28.2 Nvidia Jetson Linux 28.2.1 Nvidia Jetson Linux 28.3 Nvidia Jetson Linux 28.3.1 Nvidia Jetson Linux 28.3.2 Nvidia Jetson Linux 28.4 Nvidia Jetson Linux 28.5 Nvidia Jetson Linux 31.1 Nvidia Jetson Linux 32.1 Nvidia Jetson Linux 32.2 Nvidia Jetson Linux 32.2.1 Nvidia Jetson Linux 32.2.3 Nvidia Jetson Linux 32.3.1 Nvidia Jetson Linux 32.4.2 Nvidia Jetson Linux 32.4.3 Nvidia Jetson Linux 32.4.4 Nvidia Jetson Linux 32.5 Nvidia Jetson Linux 32.5.1 Nvidia Jetson Linux 32.5.2 Nvidia Jetson Linux 32.6.1 Nvidia Jetson Linux 32.7.1	41
Hardware	Nvidia Nvidia Jetson AGX Xavier - Nvidia Jetson Xavier NX -	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5343