CVE-2024-0148

NVIDIA Jetson Linux and IGX OS image contains a vulnerability in the UEFI firmware RCM boot mode, where an unprivileged attacker with physical access to the device could load untrusted code. A successful exploit might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. The scope of the impacts can extend to other components.

CVSS v3 7.6 HIGH

7.6^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 6.0

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5617

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) La imagen del sistema operativo NVIDIA Jetson Linux e IGX contiene una vulnerabilidad en el modo de arranque RCM del firmware UEFI, donde un atacante sin privilegios con acceso físico al dispositivo podría cargar código no confiable. Una explotación exitosa podría provocar la ejecución de código, la escalada de privilegios, la manipulación de datos, la denegación de servicio y la divulgación de información. El alcance de los impactos puede extenderse a otros componentes.

25 Feb 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-25 21:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-0148

Mitre link : CVE-2024-0148

CVE.ORG link : CVE-2024-0148

JSON object : View

Products Affected

No product.

CWE

CWE-447

Unimplemented or Unsupported Feature in UI

7.6 /10