Impact of cve-2024-0148 on NVidia Orin NX and Orin Nano

Hi,

Could you please elaborate on how this CVE affects Orin NX and Orin Nano series? It sounds like from the description the problem is in UEFI firmware which impacts likely other product family as well.

Are there commits in 35.6.1 and 36.4.3 we can cherry-pick?
I found this ticket but there does not seem to be a conclusion on the impact: Vulnerability(CVE‑2024‑0148) On Jetson Orin NX

No.

Please refer to Security Bulletin: NVIDIA Jetson AGX Orin Series and IGX Orin - February 2025 | NVIDIA, and upgrade your SW to 35.6.1 or 36.4.3 to avoid this vulnerability(CVE‑2024‑0148).

Thanks for the reply. Is it my understanding right that as NX/Nano Orin customers we shall also update to 35.6.1/36.4.3? Does this mean NX/Nano Orin are also impacted?

Yes, for all ORin family.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.