CVE-2019-5672 — CRITICAL (9.1)

Q: How severe is CVE-2019-5672?

CVE-2019-5672 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2019-5672?

Check the references section above for vendor advisories and patch information. Affected products include: Nvidia Jetson Tx1, Nvidia Jetson Tx2.

Vulnerability Description

NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure.

CVSS Score

9.1

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Nvidia	Jetson Tx1	< r28.3
Nvidia	Jetson Tx2	< r28.3

Related Weaknesses (CWE)

CWE-320

References

https://nvidia.custhelp.com/app/answers/detail/a_id/4787Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/4787Vendor Advisory

FAQ

What is CVE-2019-5672?

CVE-2019-5672 is a vulnerability with a CVSS score of 9.1 (CRITICAL). NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not...

How severe is CVE-2019-5672?

CVE-2019-5672 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-5672?

Check the references section above for vendor advisories and patch information. Affected products include: Nvidia Jetson Tx1, Nvidia Jetson Tx2.