Hello,
The following post indicates that 35.6.3 will fix CVE-2025-33182 & CVE-2025-33177
However, this was posted nearly 3 weeks ago and the page with the relevant link appears to be missing.
Could you let me know when we can expect the links to be made available? As I need to schedule the migration and it would be really helpful to have some ETA!
Also, is the kernel also affected with the CVEs?
Thanks
Hi,
We may not have the release page of R35.6.3. Will deliver the patches. Will update.
Please refer to below patches for this CVE update.
a3acc04.diff.zip (3.4 KB)
71848c0.diff.zip (3.8 KB)
92527cd.diff.zip (1.5 KB)
Thank you!
Hi,
Are you sure those are the valid serie of patches from 35.6.2 to 35.6.3? It seems to be various diff for an older version of the kernel (and uefi) such as 4.9 where nvmap was implemented under drivers/video/tegra/nvmap/. However, in Jetson Linux 5.10 (L4T R35.x), it appears that the nvmap functionality is now integrated into other modules so the patch can’t be applied.
HI,
where did you attempt to apply the patch?
This one for instance:
diff --git a/drivers/video/tegra/nvmap/nvmap_alloc.c b/drivers/video/tegra/nvmap/nvmap_alloc.c
index 8f9b6bf..35b81fc 100644
— a/drivers/video/tegra/nvmap/nvmap_alloc.c
+++ b/drivers/video/tegra/nvmap/nvmap_alloc.c
This file does not exist:
nvidia-jetson-kernel/kernel/kernel-5.10$ find . -name nvmap_alloc.c
nvidia-jetson-kernel/kernel/kernel-5.10$
Do you have such file on your end?
Here linux-tegra-5.10/drivers/video at oe4t-patches-l4t-35.6.0 · OE4T/linux-tegra-5.10 · GitHub
There is not tegra subfolder let’s alone nvmap_alloc.c.
Can you provide exact repo and sha from where I can apply those diff?
Thanks
Hi,
The repo is under kernel/nvidia but not kernel/kernel-5.10.
Any link to the right repo and sha?
The nvidia-jetson-kernel/kernel/kernel-5.10 is my own hierarchy. The patch should be applied from there, as you can see it start from a/drivers/… not from a/kernel/nvidia/drivers
The repo name is “linux-nvidia” and source_sync.sh shall also download that one down.
You could download kernel source from the tarball first to understand how the repo be like.
Oh, I see. Those are for you out-of-tree stuff. Thanks
correct. For rel-35, the OOT software is in nvidia repo.
For rel-36, the OOT is in nvidia-oot repo.
Hello,
I have noticed the following: Memory issue after latest kernel update - #8 by AastaLLL
Does it means I should refrain to apply the former patches for production and wait for another series of patches that fix the CVEs but without the memory issue?
Can you confirm?
Thanks
Hi,
Our teams are checking the issue. Will update when there is further progress.