CVE-2022-21819 – This vulnerability in NVIDIA Jetson Linux allow... (How to Fix)

Q: What is the severity of CVE-2022-21819?

CVE-2022-21819 has a CVSS score of 7.6 (HIGH). This vulnerability in NVIDIA Jetson Linux allows an unprivileged attacker with physical access to bypass IOMMU protections and gain direct read/write access to the entire system memory through PCI bus DMA attacks. This affects all NVIDIA Jetson devices running vulnerable versions of Jetson Linux. The attack requires physical access to the device.

📋 TL;DR

This vulnerability in NVIDIA Jetson Linux allows an unprivileged attacker with physical access to bypass IOMMU protections and gain direct read/write access to the entire system memory through PCI bus DMA attacks. This affects all NVIDIA Jetson devices running vulnerable versions of Jetson Linux. The attack requires physical access to the device.

💻 Affected Systems

Products:

NVIDIA Jetson AGX Xavier
NVIDIA Jetson Xavier NX
NVIDIA Jetson TX2
NVIDIA Jetson Nano

Versions: Jetson Linux versions prior to 32.7.2

Operating Systems: Jetson Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable. Requires physical access to PCI/PCIe bus connectors.

📦 What is this software?

Jetson Linux by Nvidia

View all CVEs affecting Jetson Linux →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise including arbitrary code execution, privilege escalation, data theft/modification, and persistent denial of service.

🟠

Likely Case

Physical attacker gains full system control, can install persistent malware, extract sensitive data, or render device unusable.

🟢

If Mitigated

With proper physical security controls, risk is limited to authorized personnel with physical access.

🌐 Internet-Facing: LOW - Requires physical access to device, not remotely exploitable.

🏢 Internal Only: MEDIUM - Risk exists for devices in physically accessible locations within secure facilities.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires physical hardware access and PCI/PCIe device connection. Public proof-of-concept demonstrates DMA attack methodology.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Jetson Linux 32.7.2 and later

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5321

Restart Required: Yes

Instructions:

1. Download Jetson Linux 32.7.2 or later from NVIDIA Developer site. 2. Flash the new image to the Jetson device using NVIDIA SDK Manager or command-line tools. 3. Verify the update completed successfully.

🔧 Temporary Workarounds

Physical Security Controls

all

Restrict physical access to devices and PCI/PCIe connectors

Disable Unused PCI/PCIe Slots

linux

Disable PCI/PCIe slots in BIOS/UEFI if not needed

Access BIOS/UEFI settings during boot and disable unused PCI/PCIe slots

🧯 If You Can't Patch

Implement strict physical security controls and access monitoring
Disconnect or physically secure all PCI/PCIe expansion slots and connectors

🔍 How to Verify

Check if Vulnerable:

Check Jetson Linux version: cat /etc/nv_tegra_release | head -1

Check Version:

cat /etc/nv_tegra_release | head -1

Verify Fix Applied:

Verify version is 32.7.2 or later: cat /etc/nv_tegra_release | grep -q 'R32 (release), REVISION: 7.2' && echo 'Patched'

📡 Detection & Monitoring

Log Indicators:

Unexpected PCI/PCIe device connections
DMA-related kernel errors
Unauthorized physical access events

Network Indicators:

None - this is a physical access attack

SIEM Query:

Search for physical access logs, PCI device connection events, or DMA-related kernel errors

📊 Metadata

CVE ID: CVE-2022-21819

CVSS v3 Score: 7.6 (HIGH)

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-732

Published: March 11, 2022

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-21819, you might also want to check these: