AI/ML, Vulnerability Management, Patch/Configuration Management
NVIDIA patches flaw in Jetson software used in AI-powered systems

(JHVEPhoto – stock.adobe.com)
NVIDIA patched a high-severity vulnerability affecting its Jetson series computing boards that could enable denial of service (DoS), code execution and privilege escalation in AI-powered systems.In an advisory published Wednesday, NVIDIA disclosed a flaw in the Jetson Linux component of its JetPack software development kit (SDK), which powers its Jetson devices including the NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series and Jeston Nano.The fixed version, Jetson Linux 32.7.5, resolves the vulnerability tracked as CVE-2024-0108, which has a high CVSS score of 8.7. CVE-2024-0108 affects all versions of Jetson Linux prior to and including 32.7.4.The flaw exists in the NvGPU component of Jetson Linux and involves failure of the error handling paths of the GPU memory management unit code to clean up after a failed mapping attempt. This lack of cleanup can lead to errors and instability that could be leveraged by attackers to trigger DoS, execute code or escalate privileges on the affected system. NVIDIA Jetson series devices are used in a wide range of AI and robotics applications, including manufacturing, healthcare, agriculture, transportation, smart cities and more. For example, the NVIDIA Jetson Xavier NX powers machine vision systems for vehicles and medical devices, and the compact NVIDIA Jetson Nano enables AI capabilities in small internet-of-things (IoT) devices.Earlier this year, NVIDIA also patched three security vulnerabilities in its new ChatRTX demo app, which enables custom training of large-language models (LLMs) that can be run locally on a user’s device.
An In-Depth Guide to AI
Get essential knowledge and practical strategies to use AI to better your security program.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds