CVE-2024-0148

CWE-4473 documents3 sources
Severity
7.6HIGH
EPSS
0.1%
top 79.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia IGX OrinNvidia Jetson AGX Orin Series
Timeline
PublishedFeb 25

Description

NVIDIA Jetson Linux and IGX OS image contains a vulnerability in the UEFI firmware RCM boot mode, where an unprivileged attacker with physical access to the device could load untrusted code. A successful exploit might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. The scope of the impacts can extend to other components.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 0.9 | Impact: 6.0

Affected Packages2 packages

CVEListV5nvidia/jetson_agx_orin_seriesAll versions prior to 36.4.3
CVEListV5nvidia/igx_orinAll versions prior to IGX 1.1

🔴Vulnerability Details

2
GHSA
GHSA-ppxx-pr9w-7ww8: NVIDIA Jetson Linux and IGX OS image contains a vulnerability in the UEFI firmware RCM boot mode, where an unprivileged attacker with physical access2025-02-25
CVEList
CVE-2024-0148: NVIDIA Jetson Linux and IGX OS image contains a vulnerability in the UEFI firmware RCM boot mode, where an unprivileged attacker with physical access2025-02-25
CVE-2024-0148 (HIGH CVSS 7.6) | NVIDIA Jetson Linux and IGX OS imag | cvebase.io