CVE-2024-0112

High

Published: 12 February 2025

Published

12 February 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0005 15.3th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

NVIDIA Jetson AGX Orin™ and NVIDIA IGX Orin software contain a vulnerability where an attacker can cause an improper input validation issue by escalating certain permissions to a limited degree. A successful exploit of this vulnerability might lead to code execution, denial of service, data corruption, information disclosure, or escalation of privilege.

Security Summary

CVE-2024-0112 is an improper input validation vulnerability (CWE-20) affecting NVIDIA Jetson AGX Orin and NVIDIA IGX Orin software. Published on February 12, 2025, it carries a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). The flaw arises when an attacker escalates certain permissions to a limited degree, potentially enabling a range of impacts including arbitrary code execution, denial of service, data corruption, information disclosure, or further privilege escalation.

Exploitation requires a local attacker with high privileges (PR:H) and involves high attack complexity (AC:H), with no user interaction needed. Successful attacks can alter the scope (S:C) to achieve high confidentiality, integrity, and availability impacts, such as executing code in a privileged context, corrupting data, leaking sensitive information, or causing system denial of service on the affected Jetson or IGX Orin platforms.

NVIDIA has published a security advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5611 providing details on the vulnerability.

Details

CWE(s): CWE-20

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5611
psirt@nvidia.com