Security Bulletin: NVIDIA Linux for Tegra (L4T) “KRACK” vulnerabilities

Answer ID 4601
Updated 01/02/2018 05:00 PM

L4T requires customer action for “KRACK” vulnerabilities, which may lead to escalation of privileges or information disclosure.


Vulnerability Details

The following section summarizes the vulnerabilities. Descriptions use CWE™ and risk assessments follow CVSS.

CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088

L4T ships with a reference root file system based upon the Ubuntu® Operating System, which is vulnerable to “KRACK” vulnerabilities. For more information about “KRACK,” see the Ubuntu Security Notice at https://usn.ubuntu.com/usn/usn-3455-1/.

NVIDIA’s risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk of your specific configuration. NVIDIA is not aware of any exploits for these issues at this time.

Affected Products

Product | OS
Jetson TK1 R21.6 and prior versions | L4T/Linux
Jetson TX1 R28.1 and R24.2.2 and prior versions | L4T/Linux
Jetson TX2 R28.1 | L4T/Linux

Fixes

To remediate this issue, do one of the following:

  • Apply system updates by using the following commands:

    sudo apt-get update     # refresh the package index
    sudo apt-get upgrade    # install the available updates

  • Update the specific packages listed in the Ubuntu Security Notice from Canonical for the “KRACK” vulnerability at https://usn.ubuntu.com/usn/usn-3455-1/.

    For the standard update process on all security bulletins from Canonical, including the bulletin for “KRACK,” see this recommendation at https://wiki.ubuntu.com/Security/Upgrades.
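To confirm that the remediation took effect, the following added example (not part of NVIDIA's bulletin) parses the output of a simulated upgrade and reports whether the Wi-Fi packages still have an update pending. The package names, the function names and the sample input are assumptions made for illustration; check the package list against the Ubuntu Security Notice.

```shell
#!/bin/sh
# Added example: report whether the Wi-Fi packages covered by the KRACK
# notice still have an upgrade pending after remediation.

# Assumption: binary packages built from the "wpa" source package.
# Confirm the list against the Ubuntu Security Notice.
KRACK_PKGS="wpasupplicant hostapd"

# Reads `apt-get -s upgrade` output on stdin and prints one line per
# pending package of interest: "<package> <installed> <candidate>".
pending_krack_upgrades() {
    awk -v pkgs="$KRACK_PKGS" '
        BEGIN { n = split(pkgs, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        # Simulation lines look like: Inst pkg [installed] (candidate origin [arch])
        $1 == "Inst" && ($2 in want) {
            cur = "none"; cand = $3
            if ($3 ~ /^\[/) {          # an installed version is present
                cur = $3; sub(/^\[/, "", cur); sub(/\]$/, "", cur)
                cand = $4
            }
            sub(/^\(/, "", cand)
            print $2, cur, cand
        }'
}

# Returns 0 when nothing is pending, 1 when an affected package is stale.
check_krack_patched() {
    out=$(pending_krack_upgrades)
    if [ -n "$out" ]; then
        echo "PENDING: $out"
        return 1
    fi
    echo "OK: no pending upgrade for: $KRACK_PKGS"
}

# Constructed sample of `apt-get -s upgrade` output (placeholder versions).
SAMPLE='Inst libc6 [1.0-1] (1.0-2 Example:repo [arm64])
Inst wpasupplicant [0.0-old] (0.0-new Example:repo-security [arm64])
Conf wpasupplicant (0.0-new Example:repo-security [arm64])'

printf '%s\n' "$SAMPLE" | pending_krack_upgrades
```

On a device, refresh the package index first and then pipe the real simulation into the check: `apt-get -s upgrade | check_krack_patched`.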

As a reminder, the Ubuntu sample root file system that ships with L4T is provided as a convenience. NVIDIA denies any obligations to provide support, including bug fixes and security updates, and provides no warranty for this software. Customers are responsible for the selection and support of the root file system.

Mitigations

None.

Acknowledgements

None.

Get the Most Up to Date Product Security Information

To learn more about the vulnerability management process followed by the NVIDIA Product Security Incident Response Team (PSIRT) or to see the current list of NVIDIA security bulletins, go to NVIDIA Product Security.

Revision History

Revision | Date | Description
2.0 | January 2, 2018 | Clarified the list of affected products
1.0 | December 20, 2017 | Initial release

Disclaimer

ALL NVIDIA INFORMATION, DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, “MATERIALS”) ARE BEING PROVIDED “AS IS.” NVIDIA MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

Information furnished is believed to be accurate and reliable. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation.
