Nvidia has patched three vulnerabilities affecting its Jetson lineup, which is a series of embedded computing boards designed for machine-learning applications, in things like autonomous robots, drones and more. A successful exploit could potentially cripple any such gadgets leveraging the affected Jetson products, said Nvidia. If exploited, the most serious of these flaws could lead to a denial-of-service (DoS) condition for affected products. The flaw (CVE-2021-1070) ranks 7.1 out of 10 on the CVSS scale, making it high-severity. It specifically exists in the Nvidia Linux Driver Package (L4T), the board support package for Jetson products. Nvidia L4T contains a glitch in the apply_binaries.sh script. This script is used to install Nvidia components into the root file system image. The script allows improper access control, which may lead to an unprivileged user being able to modify system device tree files. Device trees are a data structure of the hardware components of a particular computer, which allow an operating system’s kernel to use and manage those components, including the CPU, memory, and peripherals. Access to a device tree file could allow an attacker to launch a DoS attack. Further details about the flaw – including what an attacker needs to exploit it – were not disclosed. The issue was discovered by programmer Michael de Gans. All versions prior to L4T release r32.5 are affected; a patch is available in L4T release r32.5. Specific Jetson products affected…
0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2021-01-26 17:11:002021-01-26 17:11:00Nvidia Squashes High-Severity Jetson DoS Flaw
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email firstname.lastname@example.org