CVE-2022-21819
HIGHNvidia Jetson Linux < 32.7.1 - Incorrect Permission Assignment
Title source: ruleDescription
NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components.
References (2)
Core 2
Core References
Various Sources
https://www.thegoodpenguin.co.uk/blog/pcie-dma-attack-against-a-secured-jetson-nano-cve-2022-21819/
Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5321
Scores
CVSS v3
7.6
EPSS
0.0014
EPSS Percentile
33.1%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (1)
nvidia/jetson_linux
32.1 - 32.7.1
Published
Mar 11, 2022
Tracked Since
Feb 18, 2026