U.S. graphics chip specialist NVIDIA has released software updates to tackle a overall of 26 vulnerabilities impacting its Jetson method-on-module (SOM) series that could be abused by adversaries to escalate privileges and even guide to denial-of-assistance and info disclosure.
Tracked from CVE‑2021‑34372 by means of CVE‑2021‑34397, the flaws impact items Jetson TX1, TX2 collection, TX2 NX, AGX Xavier series, Xavier NX, and Nano and Nano 2GB functioning all Jetson Linux variations prior to 32.5.1. The company credited Frédéric Perriot of Apple Media Items for reporting all the issues.
The NVIDIA Jetson line consists of embedded Linux AI and pc vision compute modules and developer kits that mostly caters to AI-based computer eyesight programs and autonomous systems this kind of as mobile robots and drones.
Chief amid the vulnerabilities is CVE‑2021‑34372 (CVSS score: 8.2), a buffer overflow flaw in its Trusty dependable execution environment (TEE) that could end result in information disclosure, escalation of privileges, and denial-of-company.
Eight other vital weaknesses include memory corruption, stack overflows, and missing bounds checks in the TEE as very well as heap overflows affecting the Bootloader that could direct to arbitrary code execution, denial-of-provider, and information and facts disclosure. The rest of the flaws, also related to Trusty and Bootloader, could be exploited to impact code execution, resulting in denial-of-support and info disclosure, the company famous.
“Earlier application department releases that help this products are also affected,” NVIDIA explained. “If you are making use of an previously department launch, enhance to the most up-to-date 32.5.1 release. If you are applying the 32.5.1 release, update to the most current Debian packages.”