Galen Schretlen

**Name of the Vulnerable Software and Affected Versions** NVIDIA Jetson Linux Driver Package (affected versions not specified) **Description** The issue is related to a buffer overflow in the Cboot module `tegrabl cbo.c` of the NVIDIA Jetson Linux Driver Package. If TFTP is enabled, a local attacker with elevated privileges can cause a memory buffer overflow, potentially leading to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA Jetson Linux Driver Package (affected versions not specified) **Description** The issue is related to insufficient validation of untrusted data in the Cboot ext4 read file function, which may lead to an integer overflow. This could allow a highly privileged local attacker to execute code, escalate privileges, cause a limited denial of service, and impact confidentiality and integrity. The scope of impact can extend to other components. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA Jetson Linux Driver Package (affected versions not specified) **Description** The issue is related to insufficient validation of untrusted data in the Cboot ext4 mount function, which may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit issue may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA Jetson Linux Driver Package (affected versions not specified) **Description** The issue is related to insufficient validation of untrusted data in the Cboot module tegrabl cbo.c, which may allow a local attacker with elevated privileges to cause a memory buffer overflow. This could lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.