CVE-2022-28195

CVSS 5.7 MEDIUMEPSS 0.2%CWE-20

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.7EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

27 Apr 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Affected products

NVIDIA · Jetson AGX Xavier series, Jetson Xavier NX

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5343