CVE-2022-42270

NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a local attacker to cause stack-based buffer overflow in kernel code, which may lead to escalation of privileges, compromised integrity and confidentiality, and denial of service.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5417	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:nvidia:jetson_agx_xavier:-:::::::*
	cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_agx_xavier_64gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:::::::*
	cpe:2.3:h:nvidia:jetson_agx_xavier_industrial:-:::::::*
	cpe:2.3:h:nvidia:jetson_xavier_nx:-:::::::*
	cpe:2.3:h:nvidia:jetson_xavier_nx_16gb:-:::::::*

History

07 Nov 2023, 03:53

Type	Values Removed	Values Added
Summary	NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a local attacker to cause stack-based buffer overflow in kernel code, which may lead to escalation of privileges, compromised integrity and confidentiality, and denial of service.	NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a local attacker to cause stack-based buffer overflow in kernel code, which may lead to escalation of privileges, compromised integrity and confidentiality, and denial of service.

09 Jan 2023, 19:53

Type	Values Removed	Values Added
References	~~(MISC) https://nvidia.custhelp.com/app/answers/detail/a_id/5417 -~~	(MISC) https://nvidia.custhelp.com/app/answers/detail/a_id/5417 - Vendor Advisory
First Time		Nvidia Nvidia jetson Agx Xavier 16gb Nvidia jetson Agx Xavier Nvidia jetson Linux Nvidia jetson Xavier Nx 16gb Nvidia jetson Agx Xavier 64gb Nvidia jetson Agx Xavier Industrial Nvidia jetson Xavier Nx Nvidia jetson Agx Xavier 32gb Nvidia jetson Agx Xavier 8gb
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CPE		cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:::::::* cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:::::::* cpe:2.3:o:nvidia:jetson_linux:::::::: cpe:2.3:h:nvidia:jetson_xavier_nx:-:::::::* cpe:2.3:h:nvidia:jetson_xavier_nx_16gb:-:::::::* cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:::::::* cpe:2.3:h:nvidia:jetson_agx_xavier:-:::::::* cpe:2.3:h:nvidia:jetson_agx_xavier_64gb:-:::::::* cpe:2.3:h:nvidia:jetson_agx_xavier_industrial:-:::::::*
CWE		CWE-787

30 Dec 2022, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-12-30 23:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-42270

Mitre link : CVE-2022-42270

CVE.ORG link : CVE-2022-42270

JSON object : View

Products Affected

nvidia

jetson_agx_xavier_32gb
jetson_xavier_nx
jetson_agx_xavier_industrial
jetson_agx_xavier_16gb
jetson_agx_xavier
jetson_agx_xavier_64gb
jetson_xavier_nx_16gb
jetson_agx_xavier_8gb
jetson_linux

CWE

CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow

7.8 /10