NVidia Jetson SoC Vulnerabilities Expose Devices to Data Theft

Last Friday chipmaker NVidia released patches addressing a range of vulnerabilities and bugs in the company's Jetson system on chip (SoC) framework.

The company issues a security bulletin on April 18, publishing the full details on all addressed vulnerabilities and bugs that the patches concern. Among those were nine serious vulnerabiltiies and another eight bugs that did not have such a high security impact.

The vulnerabilities allowed potential bad actors to execute denial of service attacks or exfiltrate information from the devices.

The Jetson SoC is usually found in IoT devices, robots and drones as well as in various embedded systems with different applications. The list of impacted Jetson family products that have now had those issues patched include the AGX Xavier, Xavier NX, TX1 and TX2 as well as the Jetson Nano.

The bulletin highlights a vulnerability codified as CVE-2021-34372 to be the most severe one. It allowed bad actors to execute a buffer overflow attack on the device running the Jetson SoC. Even though the hacker would need network access to the victim system to execute the attack, the hack itself is not very difficult to pull off.

Additionally, a system compromised using this buffer overflow technique would be further exposed to a number of escalated threats, including denial of service, information disclosure and the bad actor gaining elevated privileges on the device.

Of the remaining severe vulnerabilities addressed, another six would also allow the bad actor carrying out the attack to execute a denial of service attack. A number of other vulnerabilities and bugs had to do with how the memory and request buffers on the devices were handled and could primarily lead to partial of complete denial of service.

The remainder of the high-threat level vulnerabilities are tracked as CVE-2021-34373 through CVE-2021-34380.

The good news is that the software update is released and owners of any systems and devices running Jetson SoC hardware should update them as soon as possible.

By Zaib
June 22, 2021
Computer Security
English
June 22, 2021
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

5 years ago

What is the OperaGXSetup.exe File and is it Malicious?

11 months ago

Eporner.com And Why Its Excessive Pop-Ups Are Risky

11 days ago

HackTool:Win32/Crack: a Malicious Threat That Can Seriously...

7 months ago

Take Note: Someone Added You As Their Recovery Email Scam

10 months ago

A Potentially Serious Threat: Trojan:Win32/Suschil!rfn

18 days ago

Related Posts

Ransomware

The Qlocker Ransomware Targets QNAP Devices

Over the past year, QNAP devices have become the target of multiple large-scale attack campaigns carried out by anonymous cybercriminals. Many of these attacks involved the use of file-encryption Trojans and,... Read more

April 22, 2021
Malware

Pareto Botnet Targets Internet-of-Things Devices

Modern botnet creators rarely go after computers and, instead, they are looking into exploiting a far more widely spread piece of technology – Internet-of-things (IoT) devices. In short, IoT devices are pretty much... Read more

April 23, 2021
Malware

XCodeGhost Malware on iOS Devices

XCodeGhost is the name of a modified, malicious version of Apple's official XCode development environment that is used for creating and publishing mobile iOS applications. XCodeGhost was first discovered back in 2015... Read more

May 24, 2021
English
Loading...

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2025 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.