Jetson chipset received a new patch because of vulnerability potentially leading to DoS Attacks

The Jetson chipset patch

NVIDIA has issued software patches to address a total of 26 vulnerabilities affecting its Jetson system-on-module (SOM) series that may be exploited by malicious actors to escalate privileges and potentially lead to denial-of-service and information leakage.

NVIDIA Jetson Chipset

The vulnerabilities impact products Jetson TX1, TX2 series, TX2 NX, AGX Xavier series, Xavier NX, and Nano and Nano 2GB running all Jetson Linux versions previous to 32.5.1.

Tracked from CVE‑2021‑34372 through CVE‑2021‑34397, all the issues have been reported by Frédéric Perriot of Apple Media Products, whom the U.S. graphics chip maker thanked for detecting them.

One of the most severe vulnerabilities with a CVSS score of 8.2 is tracked as CVE‑2021‑34372 and represents a buffer overflow issue in NVIDIA’s Trusty trusted execution environment (TEE). As per the reports, if exploited, this flaw may result in information leakage, escalation of privileges, and even denial-of-service, therefore, patching it is of critical importance.

Among the 26 vulnerabilities that have been reported, eight additional flaws have been flagged as critical, all with a severity rating ranging from 7.9 to 7. They have been tracked as:

  • CVE‑2021‑34373
  • CVE‑2021‑34374
  • CVE‑2021‑34375
  • CVE‑2021‑34376
  • CVE‑2021‑34377
  • CVE‑2021‑34378
  • CVE‑2021‑34379
  • CVE‑2021‑34380

According to the disclosed information, they are related to memory corruption, stack overflows, and missing bounds checks in the TEE as well as heap overflows impacting the Bootloader that may lead to arbitrary code execution, denial-of-service, and information leakage. From what has been revealed by NVIDIA, the remainder of the vulnerabilities are also linked to Trusty and Bootloader and may be abused by malicious actors to execute arbitrary code, cause denial-of-service and leak information.

According to the company’s security bulletin, earlier software branch releases that support Jetson chips are also impacted, leaving millions of Internet of Things (IoT) devices vulnerable to DoS attacks and data theft. Therefore, users who are using an older branch release should upgrade to the current 32.5.1 release to protect their devices. Those who are already using the 32.5.1 release can update to the latest Debian packages.

[facebook_like]

About the author

Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

Leave a Comment