UEFI Vulnerability Poses Risks to Nvidia Jetson and IGX Orin Platforms

Nvidia's artificial intelligence platforms, Jetson and IGX Orin, have been identified as vulnerable to a critical UEFI security flaw. This vulnerability could potentially allow attackers to compromise systems running Nvidia's Jetson Linux and IGX OS.

According to security advisories, the vulnerability, classified as CVE-2025-0148 with a high severity rating, can only be exploited if an attacker has physical access to the affected devices. Once this access is gained, the attacker can target a weakness within the Recovery Mode (RCM) of the Tegra processor. Notably, the attacker does not require special user privileges to execute this attack.

In the event of a successful exploitation, the attacker could initiate Denial of Service (DoS) conditions, access restricted information, or even execute malicious code. The specifics of how such an attack might unfold are still unclear, and there is no current evidence of actual attacks occurring.

Developers have confirmed that they have addressed this security issue in the latest versions of IGX (version 1.1) and Jetson Linux (version 36.4.3). System administrators are urged to install these updates promptly to mitigate any potential risks associated with this vulnerability.

For users and organizations relying on these AI platforms, it is critical to remain vigilant and ensure that all security updates are applied without delay. The ongoing evolution of cyber threats necessitates a proactive approach to device security.