U.S. graphics chip specialist NVIDIA has launched software updates to deal with a complete of 26 vulnerabilities impacting its Jetson system-on-module (SOM) collection that might be abused by adversaries to escalate privileges and even result in denial-of-service and data disclosure.
Tracked from CVE‑2021‑34372 by way of CVE‑2021‑34397, the issues have an effect on merchandise Jetson TX1, TX2 collection, TX2 NX, AGX Xavier collection, Xavier NX, and Nano and Nano 2GB working all Jetson Linux variations previous to 32.5.1. The corporate credited Frédéric Perriot of Apple Media Merchandise for reporting all the problems.
The NVIDIA Jetson line consists of embedded Linux AI and laptop imaginative and prescient compute modules and developer kits that primarily caters to AI-based laptop imaginative and prescient purposes and autonomous programs akin to cell robots and drones.
Chief among the many vulnerabilities is CVE‑2021‑34372 (CVSS rating: 8.2), a buffer overflow flaw in its Trusty trusted execution atmosphere (TEE) that would end in data disclosure, escalation of privileges, and denial-of-service.
Eight different essential weaknesses contain reminiscence corruption, stack overflows, and lacking bounds checks within the TEE in addition to heap overflows affecting the Bootloader that would result in arbitrary code execution, denial-of-service, and data disclosure. The remainder of the issues, additionally associated to Trusty and Bootloader, might be exploited to affect code execution, inflicting denial-of-service and data disclosure, the corporate famous.
“Earlier software program department releases that help this product are additionally affected,” NVIDIA stated. “If you’re utilizing an earlier department launch, improve to the newest 32.5.1 launch. If you’re utilizing the 32.5.1 launch, replace to the newest Debian packages.”