CVE-2022-28197

CVSS 5 MEDIUMEPSS 0.2%CWE-190

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

27 Apr 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components.

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

Affected products

NVIDIA · Jetson AGX Xavier series, Jetson Xavier NX

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5343