CVE-2023-25518 HIGH

CVE-2023-25518

Vendor Nvidia
Product Jetson AGX Xavier series, Jetson Xavier NX
Weakness CWE-923
Published June 23, 2023
Last update November 29, 2024

CVSS base score

7.1/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity.

Key dates

02Disclosure timeline

June 23, 2023 CVE published
November 29, 2024 Record updated