Question about CVE issue

Hi NVIDIA experts,

I have a question about a CVE issue. Please see the link below.

Do these CVE issues also exist on the NVIDIA Orin series platform?

thanks,
Limeng

From the link you provided, that's related to dGPU, not Jetson Orin. Thanks

Is the CVE issue in https://nvidia.custhelp.com/app/answers/detail/a_id/5703 also not applicable to the NVIDIA Orin platform?

Yes, there is no mention of Jetson Orin in that bulletin, thus it is not applicable to the Jetson Orin platform.

About CVE-2025-23270: the link "Security Bulletin: NVIDIA Jetson Orin, IGX Orin and Xavier Devices - July 2025 | NVIDIA"
says Jetson Linux 36.4.4 has fixed this CVE.
Do you know which part of the code fixed this CVE? Or is there a patch (commit ID of the repo) used to fix this CVE?

thanks,
Limeng

We do not have a specific patch for the CVE fix; customers need to update to a newer version.
Thanks

OK! Maybe this question is out of your capability.
But I don't think there are no repos for UEFI.
I will contact other maintainers directly.

thanks,
Limeng

I got an NVIDIA UEFI repo

and this commit, "fix(stmm): add error handling for var store integrity · NVIDIA/edk2-nvidia@5fa4ab2 · GitHub",
may be used to fix this CVE issue.
Could you please help to confirm with the development and testing engineers?
They are:

Signed-off-by: Girish Mahadevan <gmahadevan@nvidia.com>
Reviewed-by: Ashish Singhal <ashishsingha@nvidia.com>
Reviewed-by: Jeff Brasen <jbrasen@nvidia.com>
Tested-by: Jake Garver <jake@nvidia.com>
Reviewed-by: Jake Garver <jake@nvidia.com>

thanks,
Limeng

Hi,
The latest CVE fix for Orin platforms is
Security Bulletin: NVIDIA Jetson and IGX Devices - October 2025 | NVIDIA

If you use JetPack 6 r36, CVE-2025-33182 is fixed. It is present on JetPack 5 r35 and the patches are shared in
Jetson 35.6.3 - #26 by AastaLLL

Thanks for replying.
But I want to get information on CVE-2025-23270.

thanks,
Limeng

Hi,
You are right. [fix(stmm): add error handling for var store integrity] is to fix CVE-2025-23270.

Thanks for confirming this CVE issue.

BR,
Limeng