Michael De Gans

**Name of the Vulnerable Software and Affected Versions** NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5 **Description** The issue is related to improper access control in the apply binaries.sh script, which is used to install NVIDIA components into the root file system image. This may allow an unprivileged user to modify system device tree files, leading to denial of service. **Recommendations** For L4T versions prior to 32.5, update to version 32.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the apply binaries.sh script to prevent unprivileged users from modifying system device tree files.

**Name of the Vulnerable Software and Affected Versions** NVIDIA JetPack SDK versions 4.2 through 4.3 **Description** The issue is related to incorrect permissions set on certain directories by the installation scripts, potentially leading to escalation of privileges. **Recommendations** For NVIDIA JetPack SDK versions 4.2 through 4.3, manually correct the permissions on the affected directories to prevent privilege escalation. As a temporary workaround, consider restricting access to the affected directories until a patch is available.