Nvidia patches severe bugs in edge computing modules

Nvidia has released 13 patches targeting two low-end embedded computing boards. The processor company explained in a security advisory this week that the flaws could lead to code execution, denial of service, escalation of privileges, or information disclosure.

These security bugs won’t turn up in your gaming PC, but they could cause problems for your drone or smart internet facial recognition security camera. They affect the Nvidia Jetson TX1 and TX2 boards, each of which carries an Nvidia Tegra processor. Released in November 2015, the TX1 is a module the size of a pack of cigarettes designed to be integrated into IoT products. The TX2 is a higher-powered successor.

Described by Nvidia as a “supercomputer on a module”, these boards are designed for AI-powered applications like embedded deep learning and computer vision. These are the kinds of modules that put the ‘edge’ in edge computing. They’re supposed to be used in robots, 3D scanners and the like.

Vulnerability CVE‑2018‑6269 gets the highest base score (a CVSS score representing severity) in the security advisory. It is a flaw in the Tegra kernel driver’s input/output control handling for user mode requests. This is the only bug in the pack that could lead to potential code execution, according to the advisory.