CVE-2024-0148

Summary

NVIDIA Jetson Linux and IGX OS image contains a vulnerability in the UEFI firmware RCM boot mode, where an unprivileged attacker with physical access to the device could load untrusted code. A successful exploit might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. The scope of the impacts can extend to other components.

Affected Software

VendorProductVersion RangeStatus
NVIDIAIGX OrinAll versions prior to IGX 1.1affected
NVIDIAJetson AGX Orin SeriesAll versions prior to 36.4.3affected

Weaknesses

  • CWE-447: CWE-447

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References