Primary

Context

NVIDIA Jetson Linux UEFI Improper Authentication Vulnerability Allowing Device Tree Corruption

Vulnerability

Patched

A vulnerability exists in NVIDIA Jetson Linux UEFI components, where improper authentication could enable a privileged user to corrupt the Linux Device Tree. Exploitation of this vulnerability may result in data tampering and denial-of-service conditions.

Impact

Successful exploitation can lead to unauthorized data modifications and cause denial-of-service conditions.

Remediation

Users can upgrade to NVIDIA Jetson Linux versions 35.6.3 and newer, 36.4.4 and newer, or for IGX Orin, Kernel SRU 1035 and newer. Instructions for downloading this update are available on the NVIDIA Jetson Download Center and the IGX Downloads page.

Added: Oct 14, 2025, 8:13 PM

Updated: Oct 14, 2025, 8:13 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

5.0

exploitability

3.0

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

5.0

exploitability

3.0

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NVIDIA Jetson Linux UEFI Improper Authentication Vulnerability Allowing Device Tree Corruption

Vulnerability

Impact

Remediation

Affected Products

NVIDIA Jetson Linux

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating