Official Updated 10/13/2025 09:19 AM
Preface: Railway applications have traditionally relied on fixed-function embedded computers to perform tasks such as signaling, monitoring, and train control. To bridge this gap, rail operators and system integrators are turning to AI-driven edge computing to meet the growing demand for real-time processing and automation.
Background: The Nvidia Jetson is not just a CPU; it is a complete embedded computing board with both a CPU and a powerful GPU, memory, and other components on a single module. It is a System on Module (SoM) designed for AI and machine learning applications at the edge.
CPU: The Jetson modules contain an ARM-based CPU for general-purpose processing.
GPU: A key feature is the integrated GPU with CUDA cores, which is specialized for parallel processing and AI tasks.
The NVIDIA Jetson Linux Driver Package includes a UEFI-based bootloader. This bootloader is the standard firmware for newer Jetson platforms like Orin and AGX Xavier, replacing the older CBoot system. The UEFI firmware is included with the Linux kernel, drivers, and a root filesystem for the Jetson platform.
Component of the driver package: The UEFI bootloader is a standard part of the Jetson Linux Driver Package, alongside the Linux kernel, drivers, and utilities.
Support for modern platforms: Support for the UEFI bootloader is included in recent releases of Jetson Linux, such as R35.6.0 and later, for platforms like Jetson AGX Orin, Orin NX, Orin Nano, and others.
Vulnerability details:
CVE-2025-33182: NVIDIA Jetson Linux contains a vulnerability in UEFI, where improper authentication may allow a privileged user to cause corruption of the Linux Device Tree. A successful exploitation of this vulnerability might lead to data tampering, denial of service.
CVE-2025-33177: NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap, where improper tracking of memory allocations could allow a local attacker to cause memory overallocation. A successful exploitation of this vulnerability might lead to denial of service.
Official announcement: Please refer to the url for details –