CVE-2022-21819

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

7.6HIGH

EPSS

0.1%

top 66.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Jetson Linux

Timeline

PublishedMar 11

Latest updateMar 12

Description

NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 0.9 | Impact: 6.0

Affected Packages1 packages

▶NVDnvidia/jetson_linux32.1 — 32.7.1

🔴Vulnerability Details

GHSA

GHSA-5q8q-7qqw-cmj3: NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physica↗2022-03-12

▶

CVEList

CVE-2022-21819: NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physica↗2022-03-11

▶