PT-2019-17807 · Nvidia · Linux For Tegra+2
Published
2019-04-11
·
Updated
2019-04-25
·
CVE-2019-5672
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
NVIDIA Jetson TX1 and TX2 versions prior to R28.3
Description
The issue concerns the Linux for Tegra (L4T) operating system where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootfs generation and flashing. This may lead to information disclosure.
Recommendations
For versions prior to R28.3, replace the SSH keys provided in the sample rootfs with unique host keys to prevent potential information disclosure.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linux For Tegra
Nvidia Jetson Tx1
Nvidia Jetson Tx2