AI platforms: UEFI vulnerability threatens Nvidia Jetson and IGX Orin
Attackers can attack Nvidia's Jetson Linux and IGX OS to compromise systems. Security updates are available for download.
(Image: Tatiana Popova/Shutterstock.com)
Nvidia's AI platforms Jetson and IGX Orin are vulnerable. If the conditions are right, attackers can target a UEFI vulnerability and, in the worst case, execute malicious code.
Various attacks possible
According to a warning message, attacks on the vulnerability (CVE-2025-0148 “high”) are only possible if attackers have physical access to devices. If this is the case, they can target the vulnerability in the ReCovery Mode (RCM) of the Tegra processor. They do not need to have any special user rights to carry out a successful attack.
If an attack is successful, they can generate DoS states, view information that is actually sealed off or even execute malicious code, among other things. How such an attack could work in detail and whether there are already attacks is currently unknown.
The developers state that they have solved the security problem in IGX 1.1 and Jetson Linux 36.4.3. Admins should install these versions as soon as possible.
(des)
