CVE-2025-23270
BaseFortify
Publication date: 2025-07-17
Last updated on: 2025-07-17
Assigner: NVIDIA Corporation
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | jetson_linux | 35.6.2 |
| nvidia | jetson_linux | 36.4.4 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-392 | The product encounters an error but does not provide a status code or return value to indicate that an error has occurred. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the UEFI Management mode of NVIDIA Jetson Linux on certain devices, where an unprivileged local attacker can exploit a side-channel vulnerability to expose sensitive information. It may allow the attacker to execute code, tamper with data, cause denial of service, and disclose information without needing privileges or user interaction. [1]
How can this vulnerability impact me?
If exploited, this vulnerability can lead to code execution, data tampering, denial of service, and information disclosure on affected NVIDIA Jetson Linux devices. This means an attacker could potentially control the system, alter data, disrupt services, or access sensitive information. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately upgrade your NVIDIA Jetson Linux or IGX OS to the fixed versions: Jetson Linux 35.6.2 or 36.4.4 for Jetson Orin and Xavier series, and IGX OS 1.1.2 for IGX Orin. Users running earlier versions should update to these releases to address the vulnerability. [1]