Jetson 35.6.3

Hello,

The following post indicates that 35.6.3 will fix CVE-2025-33182 & CVE-2025-33177

However, this was posted nearly 3 weeks ago and the page with the relevant link appears to be missing.

Could you let me know when we can expect the links to be made available? I need to schedule the migration, and it would be really helpful to have an ETA!

Also, is the kernel affected by the CVEs?

Thanks


Hi,
We may not have the release page of R35.6.3. Will deliver the patches. Will update.

Please refer to the patches below for this CVE update.
a3acc04.diff.zip (3.4 KB)
71848c0.diff.zip (3.8 KB)
92527cd.diff.zip (1.5 KB)

Thank you!

Hi,

Are you sure those are the valid series of patches from 35.6.2 to 35.6.3? They seem to be various diffs for an older version of the kernel (and UEFI) such as 4.9, where nvmap was implemented under drivers/video/tegra/nvmap/. However, in Jetson Linux 5.10 (L4T R35.x), it appears that the nvmap functionality is now integrated into other modules, so the patch can’t be applied.

Hi,
where did you attempt to apply the patch?

This one for instance:

diff --git a/drivers/video/tegra/nvmap/nvmap_alloc.c b/drivers/video/tegra/nvmap/nvmap_alloc.c
index 8f9b6bf..35b81fc 100644
— a/drivers/video/tegra/nvmap/nvmap_alloc.c
+++ b/drivers/video/tegra/nvmap/nvmap_alloc.c

This file does not exist:

nvidia-jetson-kernel/kernel/kernel-5.10$ find . -name nvmap_alloc.c
nvidia-jetson-kernel/kernel/kernel-5.10$

Do you have such a file on your end?

Here linux-tegra-5.10/drivers/video at oe4t-patches-l4t-35.6.0 · OE4T/linux-tegra-5.10 · GitHub

There is no tegra subfolder, let alone nvmap_alloc.c.

Can you provide the exact repo and SHA where I can apply those diffs?

Thanks

Hi,

The repo is under kernel/nvidia but not kernel/kernel-5.10.

Any link to the right repo and sha?

The nvidia-jetson-kernel/kernel/kernel-5.10 is my own hierarchy. The patch should be applied from there, as you can see it starts from a/drivers/… not from a/kernel/nvidia/drivers

The repo name is “linux-nvidia” and source_sync.sh shall also download that one.

You could download the kernel source from the tarball first to understand what the repo looks like.

Oh, I see. Those are for your out-of-tree stuff. Thanks


Correct. For rel-35, the OOT software is in the nvidia repo.

For rel-36, the OOT is in the nvidia-oot repo.
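
Added example, not part of the thread and not NVIDIA tooling: a shell helper that reports which source tree a diff's paths actually resolve in, which is the kernel/kernel-5.10 versus kernel/nvidia mismatch discussed above. The function names, the miniature tree and sample.diff are all constructed for illustration.

```shell
#!/bin/sh
# Print each existing-file path named by a "--- a/<path>" header in the patch.
# New files ("--- /dev/null") are skipped because they cannot exist yet.
patch_paths() {
    sed -n 's|^--- a/\([^[:space:]]*\).*$|\1|p' "$1" | sort -u
}

# find_patch_root PATCH DIR...
# Print the first DIR containing every file the patch modifies; return 1 if none.
find_patch_root() {
    patch_file=$1
    shift
    paths=$(patch_paths "$patch_file")
    [ -n "$paths" ] || return 1
    for root in "$@"; do
        ok=1
        for p in $paths; do
            [ -f "$root/$p" ] || { ok=0; break; }
        done
        if [ "$ok" -eq 1 ]; then
            printf '%s\n' "$root"
            return 0
        fi
    done
    return 1
}

# Constructed miniature tree shaped like the layout described in the thread:
# nvmap_alloc.c exists under kernel/nvidia, not under kernel/kernel-5.10.
make_demo_tree() {
    top=$(mktemp -d)
    mkdir -p "$top/kernel/kernel-5.10/drivers/video" \
             "$top/kernel/nvidia/drivers/video/tegra/nvmap"
    : > "$top/kernel/nvidia/drivers/video/tegra/nvmap/nvmap_alloc.c"
    cat > "$top/sample.diff" <<'EOF'
diff --git a/drivers/video/tegra/nvmap/nvmap_alloc.c b/drivers/video/tegra/nvmap/nvmap_alloc.c
--- a/drivers/video/tegra/nvmap/nvmap_alloc.c
+++ b/drivers/video/tegra/nvmap/nvmap_alloc.c
EOF
    printf '%s\n' "$top"
}

# Demo: prints the root ending in kernel/nvidia, then removes the temporary tree.
demo() {
    top=$(make_demo_tree)
    find_patch_root "$top/sample.diff" "$top/kernel/kernel-5.10" "$top/kernel/nvidia"
    rc=$?
    rm -rf "$top"
    return "$rc"
}
```

Against a real tree, pass the unzipped diff and the candidate directories to `find_patch_root` before running `patch -p1` from the directory it prints.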

Hello,

I have noticed the following: Memory issue after latest kernel update - #8 by AastaLLL

Does it mean I should refrain from applying the former patches for production and wait for another series of patches that fixes the CVEs but without the memory issue?

Can you confirm?

Thanks

Hi,
Our teams are checking the issue. Will update when there is further progress.

Hello,

We need to make a new BSP for our product line by the end of this month, and we would like to know if there is any update on your side, as we need to decide whether the patches provided should be integrated or whether it is better to ignore them for the time being.

If in doubt, we will probably not take our chances and will drop them, but as the next scheduled BSP is not planned before next spring, addressing those CVEs right now would be preferable.

Are you able to share any insight on the current situation?

Thanks

Best,

Hi,

We would suggest applying the patches. If you don’t allocate very large CUDA buffers in your use case, you should not hit the allocate-buffer failure.

Internally we are actively investigating why the failure is triggered when launching ollama.

Thanks for the reply. I will check with our team working on the applications to see if they do such large allocations.

Would it be possible to have a more specific value for ‘very large’ so we can validate the requirements of the ML team?

Hi,
Please apply only the UEFI patch. Do not apply the two kernel patches as of now. We are still investigating the issue. Once there is a reliable solution, we will share it.