{ "id": "CVE-2024-0148", "sourceIdentifier": "psirt@nvidia.com", "published": "2025-02-25T21:15:14.700", "lastModified": "2025-02-25T21:15:14.700", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA Jetson Linux and IGX OS image contains a vulnerability in the UEFI firmware RCM boot mode, where an unprivileged attacker with physical access to the device could load untrusted code. A successful exploit might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. The scope of the impacts can extend to other components." }, { "lang": "es", "value": "La imagen del sistema operativo NVIDIA Jetson Linux e IGX contiene una vulnerabilidad en el modo de arranque RCM del firmware UEFI, donde un atacante sin privilegios con acceso f\u00edsico al dispositivo podr\u00eda cargar c\u00f3digo no confiable. Una explotaci\u00f3n exitosa podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo, la escalada de privilegios, la manipulaci\u00f3n de datos, la denegaci\u00f3n de servicio y la divulgaci\u00f3n de informaci\u00f3n. El alcance de los impactos puede extenderse a otros componentes." } ], "metrics": { "cvssMetricV31": [ { "source": "psirt@nvidia.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 7.6, "baseSeverity": "HIGH", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 0.9, "impactScore": 6.0 } ] }, "weaknesses": [ { "source": "psirt@nvidia.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-447" } ] } ], "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5617", "source": "psirt@nvidia.com" } ] }