fkie_cve-2024-0108
Vulnerability from fkie_nvd
Published
2024-08-08 17:15
Modified
2024-09-16 19:27
Severity ?
8.7 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping attempt. A successful exploit of this vulnerability may lead to denial of service, code execution, and escalation of privileges.
References
psirt@nvidia.comhttps://nvidia.custhelp.com/app/answers/detail/a_id/5555Vendor Advisory
Impacted products
Vendor Product Version
nvidia jetson_linux *
nvidia jetson_agx_xavier -
nvidia jetson_agx_xavier_16gb -
nvidia jetson_agx_xavier_32gb -
nvidia jetson_agx_xavier_64gb -
nvidia jetson_agx_xavier_8gb -
nvidia jetson_agx_xavier_industrial -
nvidia jetson_nano -
nvidia jetson_nano -
nvidia jetson_nano -
nvidia jetson_nano_2gb -
nvidia jetson_tx1 -
nvidia jetson_tx1_l4t -
nvidia jetson_tx2 -
nvidia jetson_tx2_4gb -
nvidia jetson_tx2_nx -
nvidia jetson_tx2i -
nvidia jetson_xavier_nx -
nvidia jetson_xavier_nx -
nvidia jetson_xavier_nx -
nvidia jetson_xavier_nx_16gb -


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C62FF93F-21E6-41E4-A82C-07AC7DC7951E",
                     versionEndExcluding: "32.7.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:nvidia:jetson_agx_xavier:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5DD3D2AA-2A9F-470D-BB0F-A7B7C2EC2490",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E0E081CB-B6EC-42DC-BA04-BCA13C17D190",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4F92D471-8E65-41FC-A5DE-255136F6F989",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:nvidia:jetson_agx_xavier_64gb:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51F666B-F3ED-4CF3-B48E-B39BDE1C2579",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E29459F7-997A-4B87-9164-6E3B5158ADC3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:nvidia:jetson_agx_xavier_industrial:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C7C6B22-EBD3-4465-9852-4A4844AA714A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:nvidia:jetson_nano:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B2B041F-21A8-4F0B-BBAF-7CDD8B911547",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:nvidia:jetson_nano:-:*:-:*:*:*:*:*",
                     matchCriteriaId: "9244F123-8518-4D81-AD26-5695F27F413B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:nvidia:jetson_nano:-:*:developer_kit:*:*:*:*:*",
                     matchCriteriaId: "80BF53A0-8FDF-4827-9C00-ED082C4A68C7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:nvidia:jetson_nano_2gb:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "52E153CA-BE89-4C66-8B72-8901BF592423",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "86D1FDAD-C594-43D9-9BF6-F7461177AB91",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:nvidia:jetson_tx1_l4t:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08A43AD-CA33-4EA7-9456-C7BDE622FD05",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE9D4A55-A232-4AF2-B7E9-CD58D7D17479",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:nvidia:jetson_tx2_4gb:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "71994F94-5279-4107-99F5-48990AE0C686",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "64C3FB58-08AA-4FE4-97BE-21B254BA229F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:nvidia:jetson_tx2i:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5DF55ABB-1B4F-452E-9D84-C01A638F88A0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B0AA5976-FD71-4A53-BD4F-D342E871FEB0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:developer_kit:*:*:*:*:*",
                     matchCriteriaId: "3E54B955-F0E2-44BD-9B8C-3C788BBCF2A9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:production:*:*:*:*:*",
                     matchCriteriaId: "3E0C93C3-26F6-48E4-BADA-4DB05A7BA9D1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:nvidia:jetson_xavier_nx_16gb:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A36028A3-EE83-4158-9039-5C6C795FA048",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping attempt. A successful exploit of this vulnerability may lead to denial of service, code execution, and escalation of privileges.",
      },
      {
         lang: "es",
         value: "NVIDIA Jetson Linux contiene una vulnerabilidad en NvGPU donde las rutas de manejo de errores en el código de mapeo de GPU MMU no logran limpiar un intento fallido de mapeo. Una explotación exitosa de esta vulnerabilidad puede provocar denegación de servicio, ejecución de código y escalada de privilegios.",
      },
   ],
   id: "CVE-2024-0108",
   lastModified: "2024-09-16T19:27:19.833",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "LOW",
               baseScore: 8.7,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2,
            impactScore: 6,
            source: "psirt@nvidia.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2,
            impactScore: 6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-08-08T17:15:18.473",
   references: [
      {
         source: "psirt@nvidia.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5555",
      },
   ],
   sourceIdentifier: "psirt@nvidia.com",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-755",
            },
         ],
         source: "psirt@nvidia.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-755",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.