Description

NVIDIA Jetson Linux and IGX OS image contains a vulnerability in the UEFI firmware RCM boot mode, where an unprivileged attacker with physical access to the device could load untrusted code. A successful exploit might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. The scope of the impacts can extend to other components.

Classification

CVE ID: CVE-2024-0148

CVSS Base Severity: HIGH

CVSS Base Score: 7.6

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products

Vendor: NVIDIA, NVIDIA

Product: IGX Orin, Jetson AGX Orin Series

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 3.47% (scored less or equal to compared to others)

EPSS Date: 2025-03-26 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-0148
https://nvidia.custhelp.com/app/answers/detail/a_id/5617

Timeline