Vulnerability Details
The following section summarizes the vulnerabilities. Descriptions use CWE™ and risk assessments follow CVSS.
CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
L4T ships with a reference root file system based upon the Ubuntu® Operating System, which is vulnerable to “KRACK” vulnerabilities. For more information about “KRACK,” see the Ubuntu Security Notice at https://usn.ubuntu.com/usn/usn-3455-1/.
NVIDIA’s risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk of your specific configuration. NVIDIA doesn't know of any exploits to these issues at this time.
Affected Products
Affected Products| Product | OS | Versions |
|---|---|---|
| Jetson TK1 | Linux for Tegra | R21.6 and prior versions |
| Jetson TX1 | Linux for Tegra | R28.1 and prior versions R24.2.2 and prior versions |
| Jetson TX2 | Linux for Tegra | R28.1 and prior versions |
Fixes
To remediate this issue, do one of the following:
-
Apply system updates by using the following command:
sudo apt-get update
-
Update the specific packages listed in the Ubuntu Security Notice from Canonical for the “KRACK” vulnerability at https://usn.ubuntu.com/usn/usn-3455-1/.
For the standard update process on all security bulletins from Canonical, including the bulletin for “KRACK,” see this recommendation at https://wiki.ubuntu.com/Security/Upgrades.
As a reminder, the Ubuntu sample root file system that ships with L4T is provided as a convenience. NVIDIA denies any obligations to provide support, including bug fixes and security updates, and provides no warranty for this software. Customers are responsible for the selection and support of the root file system.
Mitigations
None.
Acknowledgements
None.
Get the Most Up to Date Product Security Information
To learn more about the vulnerability management process followed by the NVIDIA Product Security Incident Response Team (PSIRT) or to see the current list of NVIDIA security bulletins, go to NVIDIA Product Security.
Revision History
| Revision | Date | Description |
|---|---|---|
| 3.1 | February 20, 2018 | Updated column head in the table of affected products |
| 3.0 | February 16, 2018 | Updated the table of affected products |
| 2.0 | January 2, 2018 | Added information about updated versions to the table of affected products |
| 1.0 | December 20, 2017 | Initial release |
Disclaimer
ALL NVIDIA INFORMATION, DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, “MATERIALS”) ARE BEING PROVIDED “AS IS.” NVIDIA MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT PERMITTED BY LAW.
Information furnished is believed to be accurate and reliable. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation.