CVE-2024-0148
Severity: HIGH
NVIDIA IGX Orin and Jetson AGX Orin Series - Unauthenticated Code Execution via UEFI Firmware RCM Boot Mode
Title source: llmDescription
NVIDIA Jetson Linux and IGX OS image contains a vulnerability in the UEFI firmware RCM boot mode, where an unprivileged attacker with physical access to the device could load untrusted code. A successful exploit might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. The scope of the impacts can extend to other components.
References (1)
Core References
Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5617
Scores
CVSS v3: 7.6
EPSS: 0.0007
EPSS Percentile: 20.8%
Attack Vector: PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-447
Status: published
Products (2)
NVIDIA/IGX Orin: All versions prior to IGX 1.1
NVIDIA/Jetson AGX Orin Series: All versions prior to 36.4.3
Published: Feb 25, 2025
Tracked Since: Feb 18, 2026