Vulnerabilites related to NVIDIA - Jetson Orin, IGX Orin and Xavier Devices
CVE-2025-23270 (GCVE-0-2025-23270)
Vulnerability from cvelistv5
Published
2025-07-17 19:59
Modified
2025-07-17 20:21
Severity ?
7.1 (High) - CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE
  • CWE-392 - Missing Report of Error Condition
Summary
NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.
References
Impacted products
Vendor Product Version
NVIDIA Jetson Orin, IGX Orin and Xavier Devices Version: NVIDIA Jetson Orin Series All versions prior to JP5.x: 35.6.2
Version: NVIDIA Jetson Orin Series All versions prior to JP6.x: 36.4.4
Version: NVIDIA Xavier Series All versions prior to JP5.x: 35.6.2
Version: IGX Orin All versions prior to IGX 1.1.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-23270",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-17T20:21:29.502391Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-17T20:21:39.590Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Jetson Linux",
            "IGX OS"
          ],
          "product": "Jetson Orin, IGX Orin and Xavier Devices",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "NVIDIA Jetson Orin Series All versions prior to JP5.x: 35.6.2"
            },
            {
              "status": "affected",
              "version": "NVIDIA Jetson Orin Series All versions prior to JP6.x: 36.4.4"
            },
            {
              "status": "affected",
              "version": "NVIDIA Xavier Series All versions prior to JP5.x: 35.6.2"
            },
            {
              "status": "affected",
              "version": "IGX Orin All versions prior to IGX 1.1.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure."
            }
          ],
          "value": "NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, data tampering, denial of service, information disclosure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-392",
              "description": "CWE-392: Missing Report of Error Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-17T19:59:24.528Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5662"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2025-23270",
    "datePublished": "2025-07-17T19:59:24.528Z",
    "dateReserved": "2025-01-14T01:06:23.292Z",
    "dateUpdated": "2025-07-17T20:21:39.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}