CVE-2021-1070

Name of the Vulnerable Software and Affected Versions NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5

Description The issue is related to improper access control in the apply binaries.sh script, which is used to install NVIDIA components into the root file system image. This may allow an unprivileged user to modify system device tree files, leading to denial of service.

Recommendations For L4T versions prior to 32.5, update to version 32.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the apply binaries.sh script to prevent unprivileged users from modifying system device tree files.