Denial-Of-Service (DoS) attacks bugs

Hello Nvidia team,

I saw this article which is mentioning a bug affecting the Nvidia Jetson platforms.

Is this bug affecting all L4T prior to L4T R32.5.1 ?

I saw as well the Security Bulletin.

Are you planning to provide a patch or updating the binaries for L4T prior to L4T R32.5.1 ?


All the fixes of this Security Bulletin will included at the next release, customer need to move on it to fix this issue.

Hey @kayccc

We have products in the field, we need to update the components affected (e.g. Trusty and MB2).

For your information, we are using L4T R32.3.1 and we can not update to the latest release.

To protect your system, download and install the latest Debian packages from the APT repositories.

hello ilies.chergui,

could you please share some details why you cannot update to the latest release.

FYI, some of those releases can do OTA to the next release. Do you have a local Jetson with the older R32.3.1 release which is not critical and you could test having it run an OTA upgrade to a more recent release? I couldn’t say for certain, but during such an upgrade some of those patches are probably installed (if it works…thus the suggestion to test on a non-critical Jetson).

Hey @JerryChang @linuxdev

Thanks both for the response.

Our product is using a custom Linux distribution based on Yocto more specifically meta-tegra as the BSP layer . We can not perform APT updates because this is not allowed. we have our own to apply updates.

We need the patches (only for trusty because we have the sources)
and the new bootloader binaries which correspond to the L4T R32.3.1 release.

hello ilies.chergui,

sorry, our current policy is NOT back porting the fixes.
due to we’re based-on the latest code-line to submit the changes; there’re code conflicts and also dependency for back port the changes to those earlier releases.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.