Nvidia has released a security update for its Jetson Linux and IGX platforms, addressing two vulnerabilities that could expose systems to code execution, data tampering, denial of service, and information disclosure. Tracked as CVE-2025-23270 and CVE-2025-23269, the flaws affect both the Jetson Orin and Xavier series, widely used in AI, robotics, and embedded edge computing.
The more severe of the two, CVE-2025-23270, carries a CVSS base score of 7.1 and affects the UEFI Management Mode of Jetson Linux. The vulnerability allows an unprivileged local attacker to exploit a side-channel flaw, which could lead to:
- Code execution
- Data tampering
- Denial of service
- Information disclosure
“A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure,” Nvidia warns.
The flaw arises from insecure handling of sensitive operations in UEFI’s isolated environment, where speculative execution and shared hardware states may unintentionally leak information across privilege boundaries.
The second flaw, CVE-2025-23269, is a kernel vulnerability rated at CVSS 4.7. This issue could allow an attacker with local, low-level privileges to exploit transient execution behavior via shared microarchitectural predictors.
“A successful exploit of this vulnerability may lead to information disclosure,” Nvidia states.
Though harder to exploit than CVE-2025-23270, the kernel-level issue could serve as a stepping stone in chained attacks that aim to elevate privileges or extract sensitive information from memory.
The vulnerabilities affect a wide range of Nvidia embedded systems, particularly those using Jetson Linux and IGX OS. The following patches have been released:
| Product | Affected Versions | Patched Version |
|---|---|---|
| Jetson Orin Series | JP5.x < 35.6.2, JP6.x < 36.4.4 | 35.6.2 / 36.4.4 |
| Jetson Xavier Series | JP5.x < 35.6.2 | 35.6.2 |
| IGX Orin | IGX OS < 1.1.2 | IGX 1.1.2 |
Administrators and developers using Jetson-based platforms for robotics, autonomous vehicles, edge AI, or industrial automation are urged to update immediately.
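For fleets of Jetson devices, the version thresholds in the table above can be checked automatically. The following is an added example, not code from Nvidia or from the original article; it assumes each device's Jetson Linux release is read from the first line of `/etc/nv_tegra_release` in the format shown in the comment, and the hostnames and file contents in the sample inventory are constructed. IGX OS uses its own version numbering and is not covered.

```python
import re

# Fixed Jetson Linux releases per branch, taken from the table above
# (JP5.x -> 35.6.2, JP6.x -> 36.4.4). IGX OS is not handled here.
PATCHED = {35: (35, 6, 2), 36: (36, 4, 4)}

# Assumed first-line format of /etc/nv_tegra_release:
#   "# R35 (release), REVISION: 4.1, GCID: ..., BOARD: ..."
_RELEASE_RE = re.compile(
    r"#\s*R(\d+)\s*\(release\),\s*REVISION:\s*(\d+)(?:\.(\d+))?"
)

def parse_l4t(text):
    """Return (branch, major, minor) from release-file text, or None."""
    m = _RELEASE_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def assess(text):
    """Classify as 'patched', 'vulnerable', 'not-listed' or 'unparsed'."""
    version = parse_l4t(text)
    if version is None:
        return "unparsed"
    fixed = PATCHED.get(version[0])
    if fixed is None:
        # Branch does not appear in the table; consult the vendor bulletin.
        return "not-listed"
    return "patched" if version >= fixed else "vulnerable"

def audit(inventory):
    """Map hostname -> status for a dict of hostname -> release-file text."""
    return {host: assess(text) for host, text in inventory.items()}

# Constructed sample inventory (hostnames and contents are made up).
SAMPLE = {
    "orin-01": "# R36 (release), REVISION: 4.4, GCID: 0, BOARD: generic",
    "orin-02": "# R36 (release), REVISION: 3.0, GCID: 0, BOARD: generic",
    "xavier-01": "# R35 (release), REVISION: 6.2, GCID: 0, BOARD: generic",
    "xavier-02": "# R35 (release), REVISION: 4.1, GCID: 0, BOARD: generic",
    "nano-01": "# R32 (release), REVISION: 7.1, GCID: 0, BOARD: generic",
    "unknown-01": "",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host:12} {status}")
```

On a single device, pass the contents of `/etc/nv_tegra_release` to `assess()`; any result other than `patched` warrants a manual check against the vendor bulletin.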