CVE-2022-21819

Published: Mar 11, 2022Modified: Nov 21, 2024

7.6

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 6.0

Source: NVD

Description

NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components.

Affected (1)

Products: Nvidia: Jetson Linux

1 product

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Nvidia Jetson Linux	From 32.1 to 32.7.1

Running on/with	Platform Versions
Nvidia Jetson Nano	All versions
Nvidia Jetson Nano 2gb	All versions

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

https://nvidia.custhelp.com/app/answers/detail/a_id/5321

Source: psirt@nvidia.com

Vendor Advisory

https://www.thegoodpenguin.co.uk/blog/pcie-dma-attack-against-a-secured-jetson-nano-cve-2022-21819/

Source: psirt@nvidia.com

https://nvidia.custhelp.com/app/answers/detail/a_id/5321

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.thegoodpenguin.co.uk/blog/pcie-dma-attack-against-a-secured-jetson-nano-cve-2022-21819/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.