CVE-2019-5680

low-risk

Published 2019-07-19

In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being validated, which may lead to code execution, denial of service, or escalation of privileges.

Do I need to act?

0.07% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.7/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Jetson Tx1 Firmware

Affected Vendors

Nvidia

References (6)

http://www.securityfocus.com/bid/109341

https://nvidia.custhelp.com/app/answers/detail/a_id/4804

Vendor Advisory https://nvidia.custhelp.com/app/answers/detail/a_id/4835

http://www.securityfocus.com/bid/109341

https://nvidia.custhelp.com/app/answers/detail/a_id/4804

Vendor Advisory https://nvidia.custhelp.com/app/answers/detail/a_id/4835

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal