Nvidia had to patch several vulnerabilities in its Jetson system-on-module (SOM) series chips that could open doors for denial of service (DoS) attacks. The chipmaker released patches for around nine high-severity bugs and eight less-severity bugs in the SoC framework, that could address flaws impacting millions of IoT devices.
The products affected by the vulnerabilities include Jetson TX1, TX2 series, TX2 NX, AGX Xavier Series, Xavier NX, Nano and Nano 2GB running Jetson Linux versions before 32.5.1. The embedded Linux AI, computer vision compute modules, developer kits for AI based computer vision applications and autonomous systems are also in the affected product line. Most severe problem is said to have been identified in CVE-2021-34372 with 8.2 CVSS score. The other vulnerabilities with high-severity ratings between 7.9 and 7 includes CVE‑2021‑34373, CVE‑2021‑34374, CVE‑2021‑34375, CVE‑2021‑34376, CVE‑2021‑34377, CVE‑2021‑34378, CVE‑2021‑34379 and CVE‑2021‑34380.
“Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service,” read Nividia’s security bulletin.
The company has also fixed other problems like memory corruption, stack overflows and missing bounds.