NVIDIA Jetson series modules are known for delivering exceptional speed and power efficiency in an embedded artificial intelligence computing device. Plus Each supercomputer in a module brings true artificial intelligence to the edge with an NVIDIA Pascal GPU, up to 8GB of memory and 59.7GB of memory bandwidth, and a wide range of standard hardware interfaces, in fact. they say it on their page.
NVIDIA Jetson vulnerabilities
Unfortunately for this component, a vulnerability was found which was published on 06/20/22 and was in fact classified as critical, something that cannot be ignored. Affected by this vulnerability is an unknown function of the component TLK Kernel. The manipulation with an unknown input leads to a buffer overflow vulnerability. This has an impact on confidentiality, integrity, and availability.
This vulnerability is identified as CVE-2021-34386 and it is difficult to exploit, in addition, the attack can be carried out through the network and the exploitation requires a multiple verification of the authentication. At the moment the technical details are not known and there is no exploit available.
Another threat that we can find at this time, affects NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, which contain a vulnerability in the apply_binaries.sh script used to install NVIDIA components on the root file system image, in which inappropriate access control is applied, which may lead to a non-privileged user being able to modify the files of the system device tree, leading to To a denial of service, on the good side, this one was classified as Low risk and it is not as worrying as the first one, but that is not why we can pass it up.
Other reads:
Malware based on GPU, a possible future problem
Specter – Which problems this vulnerability causes
