Nvidia this week announced patches for vulnerabilities affecting several of its artificial intelligence and networking products.
The chip giant has published two security bulletins. One of them covers CVE-2024-0108, a high-severity flaw affecting Jetson products, which are designed for robotics and embedded edge AI applications.
The security hole impacts Jetson AGX Xavier, Jetson Xavier NX, Jetson TX2, Jetson TX2 NX, Jetson TX1, and Jetson Nano on Jetson Linux.
“Nvidia Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping attempt. A successful exploit of this vulnerability may lead to denial of service, code execution, and escalation of privileges,” the company explained in its advisory.
The second security bulletin covers vulnerabilities affecting the Mellanox OS switch operating system for data centers and its successor OnyX, the Skyway InfiniBand-to-Ethernet gateway, and the MetroX long-haul system.
One vulnerability, CVE-2024-0101, is a high-severity ‘ipfilter’ issue that can be exploited to launch denial-of-service (DoS) attacks against switches.
The second flaw, CVE-2024-0104, is a medium-severity issue that can result in improper access.
“A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges,” Nvidia said.
Since the beginning of the year, the company has informed customers about more than 60 vulnerabilities found in its products.
Related: Nvidia Patches High-Severity GPU Driver Vulnerabilities
Related: Code Execution Flaws Haunt Nvidia ChatRTX for Windows
Related: Credentials of 71,000 Nvidia Employees Leaked Following Cyberattack