Code execution in NVIDIA Jetson AGX Orin Series and IGX Orin
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-0148 |
| CWE-ID | CWE-447 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Jetson AGX Orin Series Hardware solutions / Firmware IGX Orin Hardware solutions / Firmware |
| Vendor | nVidia |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Unimplemented or Unsupported Feature in UI
EUVDB-ID: #VU105099
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Clear]
CVE-ID: CVE-2024-0148
CWE-ID:
CWE-447 - Unimplemented or Unsupported Feature in UI
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to unimplemented or unsupported feature in UI within the UEFI firmware RCM boot mode. An attacker with physical access can execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsJetson AGX Orin Series: before 36.4.3
IGX Orin: before 1.1
CPE2.3 External linkshttps://nvidia.custhelp.com/app/answers/detail/a_id/5617
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
