This week, Nvidia announced patches for several vulnerabilities affecting its artificial intelligence and networking products. The chip giant released two security bulletins addressing these issues. One bulletin covers CVE-2024-0108, a high-severity flaw impacting Jetson products, which are used in robotics and embedded edge AI applications.
The affected Jetson products include Jetson AGX Xavier, Jetson Xavier NX, Jetson TX2, Jetson TX2 NX, Jetson TX1, and Jetson Nano running on Jetson Linux. Nvidia explained that the vulnerability in NvGPU involves error handling paths in GPU MMU mapping code that fail to clean up after a failed mapping attempt. If exploited, this flaw could lead to denial of service, code execution, and escalation of privileges.
The second security bulletin addresses vulnerabilities in the Mellanox OS switch operating system for data centers and its successor OnyX, as well as the Skyway InfiniBand-to-Ethernet gateway and the MetroX long-haul system. One of the vulnerabilities, CVE-2024-0101, is a high-severity ‘ipfilter’ issue that can be exploited to launch denial-of-service attacks against switches. Another flaw, CVE-2024-0104, is a medium-severity issue that could result in improper access.
Since the beginning of the year, Nvidia has reported more than 60 vulnerabilities found in its products. These disclosures underscore the importance of applying the latest patches and updates to maintain the security of AI and networking systems. Nvidia’s proactive approach to addressing these vulnerabilities helps protect users from potential exploitation and ensures the continued reliability of their products.
Reference:
