Information about NVIDIA® Tegra USB Recovery Mode Vulnerability

Friday, April 27, 2018

NVIDIAA recent publication has indicated that a person who has physical access to a Tegra-based Module can connect to the USB port, set the device into recovery mode, bypass the secure boot and execute unverified code.
(CVE-2018-6242: Code execution, escalation of privileges, and information disclosure)

It is not possible to remotely exploit this vulnerability. The vulnerability is only relevant for customers using Secure Boot.

Toradex currently does not plan to take any action. If you are using the secure boot feature and have any concerns, please contact Toradex Support.

Possible affected products:
Have a Question?