NVIDIA released security updates for six high severity vulnerabilities found in the Tegra Linux Driver Package (L4T) for Jetson AGX Xavier, TK1, TX1, TX2, and Nano chips used in
Mercedes-Benz's MBUX infotainment system and Bosch
self-driving computer systems.
The chips affected by these flaws are also used in HP and Acer Chromebooks [
1,
2], Android tablets,
Nintendo Switch video game consoles, and
Magic Leap One virtual retinal displays.
These security flaws that could allow local attackers with various levels of user privileges to execute arbitrary code, escalate privileges, trigger denial-of-service (DoS) states, and launch information disclosure attacks against devices featuring unpatched chips.
The high severity vulnerabilities
Potential attackers could run code on devices with vulnerable chips by taking advantage of unpatched code execution flaws, while exploiting the vulnerabilities that lead to a DoS state can render them temporarily unusable.