Bugs in NVIDIA’s Jetson Chipset Opens Door to DoS Attacks, Data Theft
NVIDIA has patched nine high severity bugs found in its Jetson SoC framework pertaining to the way the program handles low-level cryptographic algorithms. The flaws allegedly impact millions of IoT devices utilizing the Jetson chips. This leaves the devices vulnerable to a variety of attacks, including denial-of-service (DoS) and data theft. The patches also address eight bugs that are of lesser severity, ultimately fixing a wide swath of NVIDIA’s chipsets. These are typically installed and used for embedded computing systems, machine learning applications, and autonomous devices like robots and drones.
Product impacted by the flaws includes the Jetson chipset series, which consists of AGX Xavier, Jetson TX2, Nanodevices such as Jetson Nano 2GB, and those found in the NVIDIA JetPack software developers kit. The patches were fixed during NVIDIA’s June security bulletin, which was released last Friday. The most severe bug opens up the Jetson framework to a buffer-overflow attack by an adversary. According to the bulletin, the attacker would need network access to a system to conduct the attack. However, NVIDIA states that the vulnerability is not difficult to exploit and that those with little to low access rights could launch an attack.