CVE-2022-28197
low-risk
Published 2022-04-27
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components.
Do I need to act?
-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.0/10
Medium
LOCAL
/ HIGH complexity
Affected Products (1)
Affected Vendors
References (2)
Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5343
Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5343
18
/ 100
low-risk
Severity
13/34 · Low
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal