#VU105099 Unimplemented or Unsupported Feature in UI in Jetson AGX Orin Series and IGX Orin - CVE-2024-0148

Cybersecurity Help s.r.o.

Published: 2025-02-27

Vulnerability identifier: #VU105099

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Clear]

CVE-ID: CVE-2024-0148

CWE-ID: CWE-447

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Jetson AGX Orin Series
Hardware solutions / Firmware
IGX Orin
Hardware solutions / Firmware

Vendor: nVidia

Description

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to unimplemented or unsupported feature in UI within the UEFI firmware RCM boot mode. An attacker with physical access can execute arbitrary code on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Jetson AGX Orin Series: before 36.4.3

IGX Orin: before 1.1

External links
https://nvidia.custhelp.com/app/answers/detail/a_id/5617

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Code execution in NVIDIA Jetson AGX Orin Series and IGX Orin