7.9

CVE-2022-42269

NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise integrity. The scope of the impact can extend to other components.

Data is provided by the National Vulnerability Database (NVD)
NvidiaJetson Linux Version < 32.7.2
   NvidiaJetson Agx Xavier Version-
   NvidiaJetson Agx Xavier 16gb Version-
   NvidiaJetson Agx Xavier 32gb Version-
   NvidiaJetson Agx Xavier 64gb Version-
   NvidiaJetson Agx Xavier 8gb Version-
   NvidiaJetson Agx Xavier Industrial Version-
   NvidiaJetson Tx1 Version-
   NvidiaJetson Tx2 Version-
   NvidiaJetson Tx2 4gb Version-
   NvidiaJetson Tx2 Nx Version-
   NvidiaJetson Tx2i Version-
   NvidiaJetson Xavier Nx Version-
   NvidiaJetson Xavier Nx 16gb Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.131
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.9 1.5 5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
psirt@nvidia.com 7.9 1.5 5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.