Quote:Nvidia has patched three vulnerabilities affecting its Jetson lineup, which is a series of embedded computing boards designed for machine-learning applications, in things like autonomous robots, drones and more. A successful exploit could potentially cripple any such gadgets leveraging the affected Jetson products, said Nvidia.
If exploited, the most serious of these flaws could lead to a denial-of-service (DoS) condition for affected products. The flaw (CVE-2021-1070) ranks 7.1 out of 10 on the CVSS scale, making it high-severity. It specifically exists in the Nvidia Linux Driver Package (L4T), the board support package for Jetson products.
Nvidia L4T contains a glitch in the apply_binaries.sh script. This script is used to install Nvidia components into the root file system image. The script allows improper access control, which may lead to an unprivileged user being able to modify system device tree files. Device trees are a data structure of the hardware components of a particular computer, which allow an operating system’s kernel to use and manage those components, including the CPU, memory, and peripherals.
Access to a device tree file could allow an attacker to launch a DoS attack. Further details about the flaw – including what an attacker needs to exploit it – were not disclosed. The issue was discovered by programmer Michael de Gans.
All versions prior to L4T release r32.5 are affected; a patch is available in L4T release r32.5. Specific Jetson products affected include the Jetson TX1 and TX2 series; which are two low-power embedded computing boards that carry a Nvidia Tegra processor and are specifically designed for accelerating machine learning in systems. Also affected are the Jetson AGX Xavier series, a developer kit that’s essentially an artificial intelligence computer for autonomous machines; the Jetson Xavier NX developer kit; and the Jetson Nano and Jetson Nano 2GB developer kits.
The other two are medium-severity flaws (CVE‑2021‑1069 and CVE‑2021‑1071), which were uncovered in the Nvidia Tegra’s kernel driver. This is code that allows the kernel to talk to the hardware devices that the system-on-a-chip (SoC) is in.
Read more: https://threatpost.com/nvidia-squashes-h...aw/163360/
![[-]](https://www.geeks.fyi/images/collapse.png)
