Cve-2017-6264

roger1 · May 4, 2023, 3:06pm

Hello,

I have some questions about CVE-2017-6264:

Does CVE-2017-6264 affect the Jetson Nano?
Is CVE-2017-6264 fixed in L4T 32.7.3 / JetPack 4.6.3?
Are there any known mitigations?

Also when will NVIDIA ship the latest bug fixes for the 4.9 kernel (Linux v4.9.337)?

JerryChang · May 5, 2023, 2:19am

hello roger1,

you may check this… NVIDIA Product Security | NVIDIA
however, CVE-2017-6264 it address the issue on Android, this CVE does not apply to software in Ubuntu archives.

what’s the issue you’re mentioned? did you meant the upstream kernel fixes?

roger1 · May 5, 2023, 9:00am

Thanks for the clarification @JerryChang!

L4T 32.7.3 contains Linux v4.9.299. My question is when will NVIDIA provide L4T with v4.9.337 for the Jetson Nano.

JerryChang · May 8, 2023, 2:33am

hello roger1,

please refer to JetPack Archive | NVIDIA Developer.
since rel-32 code-line it’s quite old, and it doesn’t support with the latest Jetson platforms.
so… I don’t have solid release date about next rel-32 code-line update.

roger1 · May 10, 2023, 1:17pm

Thanks for the answers @JerryChang.

It’s a shame that NVIDIA abandoned the software support for Jetson Nano before it’s EOL.
This has led my company to decide to move away from Tegra processors for future products.

system · May 30, 2023, 2:35am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.