ghsa-5q8q-7qqw-cmj3
Vulnerability from github
Published
2022-03-12 00:00
Modified
2024-05-08 15:30
Severity ?
VLAI Severity ?
Details
NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components.
{ "affected": [], "aliases": [ "CVE-2022-21819" ], "database_specific": { "cwe_ids": [ "CWE-732" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2022-03-11T14:15:00Z", "severity": "HIGH" }, "details": "NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components.", "id": "GHSA-5q8q-7qqw-cmj3", "modified": "2024-05-08T15:30:37Z", "published": "2022-03-12T00:00:34Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21819" }, { "type": "WEB", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5321" }, { "type": "WEB", "url": "https://www.thegoodpenguin.co.uk/blog/pcie-dma-attack-against-a-secured-jetson-nano-cve-2022-21819" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…