CPE Details
NVIDIA Jetson TX2 R28.1
r28.1
2020-01-08
17h09 +00:00
17h09 +00:00
2020-01-08
17h09 +00:00
17h09 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:nvidia:jetson_tx2:r28.1:*:*:*:*:*:*:*
Informations
Vendor
nvidiaProduct
jetson_tx2Version
r28.1Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information disclosure, denial of service, escalation of privileges, or code execution. The updates apply to all versions prior to R28.3. | 7.8 |
Haute |
||
| NVIDIA Jetson TX2 contains a vulnerability by means of speculative execution where local and unprivileged code may access the contents of cached information in an unauthorized manner, which may lead to information disclosure. The updates apply to all versions prior to R28.3. | 5.5 |
Moyen |
||
| NVIDIA Jetson TX2 contains a vulnerability in the kernel driver (on all versions prior to R28.3) where the ARM System Memory Management Unit (SMMU) improperly checks for a fault condition, causing transactions to be discarded, which may lead to denial of service. | 6.1 |
Moyen |
||
| NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure. | 9.1 |
Critique |
||
| Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. | 5.5 |
Moyen |
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC)
sont maintenues par MITRE Corporation, et les informations sur les configurations
logicielles et matérielles (CPE) proviennent du NVD.