CVE-2022-21819

Severity Score

7.6

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components.

Las distribuciones de NVIDIA de Jetson Linux contienen una vulnerabilidad en la que un error en la configuración de IOMMU puede permitir a un atacante no privilegiado con acceso físico a la placa el acceso directo de lectura/escritura a todo el espacio de direcciones del sistema mediante el bus PCI. Tal ataque podría resultar en la denegación de servicio, una ejecución de código, una escalada de privilegios y el impacto en la integridad y confidencialidad de los datos. El impacto del alcance puede extenderse a otros componentes

*Credits: N/A

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-12-10 CVE Reserved
2022-03-11 CVE Published
2024-08-03 CVE Updated
2024-10-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-732: Incorrect Permission Assignment for Critical Resource

CAPEC

References (2)

URL	Tag	Source
https://www.thegoodpenguin.co.uk/blog/pcie-dma-attack-against-a-secured-jetson-nano-cve-2022-21819

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://nvidia.custhelp.com/app/answers/detail/a_id/5321	2024-05-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Nvidia Search vendor "Nvidia"	Jetson Linux Search vendor "Nvidia" for product "Jetson Linux"	>= 32.1 < 32.7.1 Search vendor "Nvidia" for product "Jetson Linux" and version " >= 32.1 < 32.7.1"	-	Affected	in	Nvidia Search vendor "Nvidia"	Jetson Nano Search vendor "Nvidia" for product "Jetson Nano"	-	-	Safe
Nvidia Search vendor "Nvidia"	Jetson Linux Search vendor "Nvidia" for product "Jetson Linux"	>= 32.1 < 32.7.1 Search vendor "Nvidia" for product "Jetson Linux" and version " >= 32.1 < 32.7.1"	-	Affected	in	Nvidia Search vendor "Nvidia"	Jetson Nano 2gb Search vendor "Nvidia" for product "Jetson Nano 2gb"	-	-	Safe