CVE-2023-25518
Severity
6.8MEDIUM
EPSS
0.1%
top 73.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 23
Description
NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity.
CVSS vector
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 0.5 | Impact: 6.0
Affected Packages1 packages
🔴Vulnerability Details
2GHSA▶
GHSA-2rv4-2r9c-4q9r: NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical acc↗2023-06-23
CVEList▶
CVE-2023-25518: NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical acc↗2023-06-23