
NVIDIA has issued a security bulletin announcing a software update for its Jetson AGX Orin series, including the Jetson Orin NX and Jetson Orin Nano series, and IGX Orin platforms. The update addresses a high-severity vulnerability (CVE-2024-0112) that could allow attackers to gain unauthorized access and execute malicious code.
The vulnerability stems from an improper input validation issue, which could be exploited by attackers to escalate privileges and compromise the system. “NVIDIA Jetson AGX Orin™ and NVIDIA IGX Orin software contain a vulnerability where an attacker can cause an improper input validation issue by escalating certain permissions to a limited degree,” the bulletin explains.
A successful exploit could lead to a range of malicious outcomes, including:
- Code execution: Attackers could execute arbitrary code on the affected device, potentially taking full control of the system.
- Denial of service: The vulnerability could be used to trigger a denial of service condition, disrupting the availability of the device.
- Data corruption: Attackers could corrupt sensitive data, leading to data loss or system instability.
- Information disclosure: Exploitation could result in the unauthorized disclosure of confidential information.
- Escalation of privilege: Attackers might gain elevated privileges, allowing them to access restricted resources and functionalities.
The CVSS v3.1 base score for this vulnerability is 7.5, indicating a high severity level. While the risk assessment provided by NVIDIA is based on an average across diverse systems, users are strongly encouraged to evaluate the risk to their specific configurations and apply the update as soon as possible.
The vulnerability affects multiple NVIDIA software versions, and patches are now available. NVIDIA advises immediate updates to the following versions:
CVE ID | Affected Products | Affected Versions | Updated Version |
---|---|---|---|
CVE-2024-0112 | Jetson AGX Orin, Jetson Orin NX, Jetson Orin Nano | All versions prior to 36.4 | 36.4.3 |
CVE-2024-0112 | IGX Orin IGX OS | All versions prior to IGX 1.1 | IGX 1.1 |
The updated software versions are available for download from nvidia.com. Users can find the specific versions for their respective products in the security bulletin.
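
To see where a Jetson device stands against the table above, the following added example (not from NVIDIA's bulletin) classifies a release string. It assumes the table's version numbers are the Jetson Linux (L4T) release recorded in `/etc/nv_tegra_release`, covers only the Jetson row, and uses function names of its own.

```shell
#!/bin/sh
# Added example: classify a Jetson Linux (L4T) release line against the
# versions in the table (affected: prior to 36.4, updated version: 36.4.3).
# Assumption: those numbers are the L4T release in /etc/nv_tegra_release.

# Turn "# R36 (release), REVISION: 4.3, ..." into "36.4.3".
l4t_version() {
    printf '%s\n' "$1" |
        sed -n 's/^# R\([0-9][0-9]*\) (release), REVISION: \([0-9][0-9.]*\).*/\1.\2/p'
}

# Encode major.minor.patch as one integer so versions compare numerically.
ver_key() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Prints: affected | below-updated | updated | unknown
classify() {
    v=$(l4t_version "$1")
    [ -n "$v" ] || { echo "unknown"; return; }
    k=$(ver_key "$v")
    if [ "$k" -lt "$(ver_key 36.4)" ]; then
        echo "affected"          # listed as affected in the table
    elif [ "$k" -lt "$(ver_key 36.4.3)" ]; then
        echo "below-updated"     # not listed as affected, but older than 36.4.3
    else
        echo "updated"
    fi
}

# Constructed sample lines (not taken from real devices).
for line in \
    '# R35 (release), REVISION: 4.1, GCID: 0, BOARD: generic, EABI: aarch64' \
    '# R36 (release), REVISION: 4.0, GCID: 0, BOARD: generic, EABI: aarch64' \
    '# R36 (release), REVISION: 4.3, GCID: 0, BOARD: generic, EABI: aarch64'
do
    printf '%s -> %s\n' "$(l4t_version "$line")" "$(classify "$line")"
done

# On a device: classify "$(head -n 1 /etc/nv_tegra_release)"
```

The `below-updated` result marks releases from 36.4 up to but not including 36.4.3, which the table does not list as affected yet are older than the updated version it names.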