CVE-2023-25518

Summary

NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity.

Affected Software

VendorProductVersion RangeStatus
NVIDIAJetson AGX Xavier series, Jetson Xavier NXAll versions prior to 32.7.4affected

Weaknesses

  • CWE-923: CWE-923

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References