CVE-2022-28195
MEDIUMNVIDIA Jetson Linux < 32.7.2 - Integer Overflow in Cboot ext4_read_file Function
Title source: llmDescription
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://nvidia.custhelp.com/app/answers/detail/a_id/5343
Scores
CVSS v3
5.7
EPSS
0.0006
EPSS Percentile
19.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Details
CWE
CWE-190
CWE-20
Status
published
Products (1)
nvidia/jetson_linux
< 32.7.2
Published
Apr 27, 2022
Tracked Since
Feb 18, 2026