CVE-2025-23270

Summary

NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.

Affected Software

VendorProductVersion RangeStatus
NVIDIAJetson Orin, IGX Orin and Xavier DevicesNVIDIA Jetson Orin Series All versions prior to JP5.x: 35.6.2affected
NVIDIAJetson Orin, IGX Orin and Xavier DevicesNVIDIA Jetson Orin Series All versions prior to JP6.x: 36.4.4affected
NVIDIAJetson Orin, IGX Orin and Xavier DevicesNVIDIA Xavier Series All versions prior to JP5.x: 35.6.2affected
NVIDIAJetson Orin, IGX Orin and Xavier DevicesIGX Orin All versions prior to IGX 1.1.2affected

Weaknesses

  • CWE-392: CWE-392: Missing Report of Error Condition

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References