NVIDIA Jetson chipset contains a series of security holes that allow data theft, DDoS attacks
According to a report from Threatpost, expert evaluation shows that these vulnerabilities can be abused by hackers to carry out denial of service (DDoS) attacks and even to steal the target's data.
Nvidia has confirmed the problem and will release a patch soon. There are 9 vulnerabilities in total, all rated high severity. These vulnerabilities exist in the Jetson framework, so they could directly affect millions of IoT devices running NVIDIA Jetson chips, including embedded systems, AI applications, and even independent automation devices such as robots and drones.
Some of the affected products identified include Jetson Nano devices (including Jetson Nano 2GB), Xavier NX/TX1, AGX Xavier, Jetson TX2 (including Jetson TX2 NX).
The most serious flaw
Of the 9 vulnerabilities mentioned above, CVE-2021-34372 is rated the most severe; it can expose the Jetson framework to attack through a buffer overflow. The NVIDIA Security Bulletin explains that an attacker needs access to the local network to carry out such an attack, but note that this is all the hacker needs.
In other words, this is a fairly easy vulnerability to exploit. Once infiltrated, an attacker can take control of the target system by gaining permanent access to various components, not just the NVIDIA chipset, thereby manipulating or sabotaging the system.
Besides CVE-2021-34372, the remaining 8 vulnerabilities include:
- CVE-2021-34380
- CVE-2021-34379
- CVE-2021-34378
- CVE-2021-34376
- CVE-2021-34377
- CVE-2021-34373
- CVE-2021-34374
- CVE-2021-34375
It should be noted that all of these vulnerabilities have a severity rating of 7 to 7.9 on the CVSS scale. Most of the vulnerabilities affect Jetson's trusted Linux kernel and target the component's heap memory frame. From there, the chipset can be easily manipulated to create various errors. Furthermore, six of these vulnerabilities can be exploited to trigger DDoS attacks.