feat(hw-fw): NVIDIA Tegra/L4T CVE pins in known_firmware.yaml

Closes Reviewer A C2 + Reviewer B F-FORENSIC-03 deferred from
postmortem hw-firmware-adaptive-session-2026-05-18 Rec #3. 6 new
curated CVE family entries covering the NVIDIA Tegra/L4T BSP cluster
that DS1 (project d360f8f5) and other Jetson-based firmware images
depend on. Per-CVE NVD CPE list verified via direct WebFetch on
services.nvd.nist.gov/rest/json/cves/2.0?cveId=<CVE> recursively for
EACH of the 6 CVEs — Scout report's NVD claims independently
re-fetched before commit.

Recursive-verification discipline (Reviewer B 2026-05-15..18 caught
CVE-attribution failure modes 4 sessions in a row): every CVE-
attribution claim — whether from user prompt, scout report, or
reviewer finding — gets the direct NVD URL fetch before pinning.
The 6 fetches surfaced 3 user-prompt-discrepancies that NVD
overruled:

  * CVE-2021-1111 — user said "ALL Jetsons"; NVD CPE EXCLUDES
    TX1/Nano (only AGX-Xavier+TX2+TX2-NX+Xavier-NX listed).
    chipset_regex narrowed accordingly.

  * CVE-2021-34372 — user said product=tegra_tos_trusty; NVD CPE
    uses product=jetson_linux. wairz curated families: schema has
    no `product` field (only banner_cve_pin schema does); we narrow
    via vendor=nvidia + category=tee, which is the schematic
    equivalent for the Trusty OTE attack surface.

  * CVE-2022-42269 — user said "AGX-Xavier/TX2/Xavier-family"; NVD
    CPE ALSO includes jetson_tx1. chipset_regex expanded to include
    T210/TX1 (Nano stays excluded — different hardware anchor).

NVD wins per Rule #19 evidence-first in all 3 cases. All 6 pins
satisfy F-FORENSIC-10 narrowing (chipset_regex AND/OR version_regex
present — no family-only attribution).

Per-CVE summary
===============

| CVE | Fix at | Scope | Discrepancy? |
|-----|--------|-------|--------------|
| CVE-2019-5680 | R32.2 | TX1 only | None (R32.2 IS fix) |
| CVE-2021-1111 | R32.6.1 | AGX-Xav+TX2+TX2-NX+Xav-NX | NVD excludes TX1+Nano |
| CVE-2021-34372 | R32.5.1 | ALL Jetsons (TEE) | product=jetson_linux not tegra_tos_trusty |
| CVE-2021-34397 | R32.5.1 | TX2+Xavier family | None |
| CVE-2022-42269 | R32.7.2 | AGX-Xav+TX2+Xav-NX+TX1 | NVD adds TX1 |
| CVE-2022-42270 | R32.7.2 | Xavier only (NVDLA) | None |

Forward-prepared note
=====================

version_regex requires the L4T BSP release string ("R32.x.y" style)
to appear in blob.version OR any blob metadata value. The current
Tegra parser (commit 8054d22) does NOT yet extract L4T release from
blob content — these pins will fire when a future enhancement adds
L4T release extraction (e.g. parse /etc/nv_tegra_release on the
firmware tree → populate firmware.device_metadata["l4t_release"],
OR scan Tegra-blob head for "R<N> (release), REVISION: <x.y>"
banner string and store in blob.metadata).

Strict version_regex is the right discipline NOW per Reviewer B
discipline — better forward-prepared with zero false-positives than
firing on every Tegra blob regardless of L4T version.

Out-of-scope (explicit per user direction)
==========================================

CVE-2021-34373..34396 from the same NVIDIA security bulletin
disclosure batch — DO NOT batch-extrapolate. Each future CVE needs
its own NVD WebFetch verification before pinning. The disclosure-
batch antipattern has bitten wairz 4 sessions in a row (BTFM
2026-05-15, CVE-2021-28139 2026-05-16, CVE-2021-34147/31609/31612
2026-05-17, CVE-2019-5680 Selfblow 2026-05-18); the per-NVD-CPE
recipe applies recursively for any future Tegra coverage extension.

Tests (10 new in test_hardware_firmware_cve_matcher.py)
=======================================================

- test_tegra_cve_pins_all_six_loaded — all 6 entries present
- test_tegra_cve_pins_satisfy_f_forensic_10_narrowing —
  chipset_regex or version_regex on every pin (no family-only)
- test_cve_2019_5680_chipset_regex_tx1_only — accepts TX1,
  rejects TX2/Xavier/Nano (canonical Selfblow scope)
- test_cve_2021_1111_chipset_regex_excludes_tx1_and_nano —
  Rule #46 paired canary for the user-prompt discrepancy
- test_cve_2022_42269_chipset_regex_includes_tx1 —
  Rule #46 paired canary for the TX1-inclusion discrepancy
- test_cve_2022_42270_xavier_only_excludes_tx2 — NVDLA Xavier-only
- test_cve_2021_34397_excludes_tx1_and_nano — TX2/Xavier family
- test_cve_2021_34372_has_no_chipset_regex_per_nvd_all_jetsons —
  confirms intentional chipset_regex absence (ALL-Jetsons scope)
- test_tegra_version_regex_matches_pre_fix_l4t_releases —
  forward-prepared canary that pre-fix L4T release strings WILL
  match when extraction lands
- test_tegra_cve_pins_carry_nvd_url_reference — verifiability
  discipline: each pin's notes cites the NVD URL

66/66 cve_matcher tests pass. No regressions.

Refs:
- Postmortem hw-firmware-adaptive-session-2026-05-18 Rec #3
- NVD CPE WebFetch for each CVE (see notes field URLs)
- CLAUDE.md Rule #19 (evidence-first — NVD CPE list IS truth)
- CLAUDE.md Rule #25 (per-piece commits)
- CLAUDE.md Rule #46 (paired-canary discipline)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: eastmadc

backend/app/services/hardware_firmware/known_firmware.yaml

@@ -1144,3 +1144,170 @@ families:
       cache side-channel), -9496 (invalid-curve ECC), -13377 (SAE
       Brainpool timing). All four fixed by wpa_supplicant 2.9.
       Affects any pre-2.9 build.
+
+  # ===================================================================
+  # NVIDIA Tegra / L4T BSP CVE cluster — added 2026-05-15 per
+  # postmortem hw-firmware-adaptive-session-2026-05-18 Rec #3
+  # (Reviewer A C2 + Reviewer B F-FORENSIC-03 deferred). Each pin
+  # verified against NVD CPE list via direct WebFetch on
+  # services.nvd.nist.gov/rest/json/cves/2.0?cveId=<CVE>. Recursive-
+  # verification discipline (Reviewer B 2026-05-15..18) applied:
+  # Scout report's per-CVE CPE claims independently re-fetched
+  # before commit.
+  #
+  # 3 of 6 had user-prompt-discrepancies that NVD overruled:
+  #   * CVE-2021-1111  — user said "ALL Jetsons"; NVD CPE EXCLUDES
+  #                      TX1/Nano (only AGX-Xavier+TX2+TX2-NX+Xavier-NX).
+  #   * CVE-2021-34372 — user said product=tegra_tos_trusty; NVD CPE
+  #                      uses product=jetson_linux. wairz curated
+  #                      schema has no `product` field; we narrow via
+  #                      vendor=nvidia + category=tee instead.
+  #   * CVE-2022-42269 — user said "AGX-Xavier/TX2/Xavier-family";
+  #                      NVD CPE ALSO includes jetson_tx1 (T210).
+  #
+  # NVD wins per Rule #19 evidence-first in all 3 cases.
+  #
+  # FORWARD-PREPARED NOTE: version_regex requires L4T BSP release
+  # string ("R32.3.1" etc.) to appear in blob.version OR any blob
+  # metadata value. The current Tegra parser (parsers/tegra_blob.py,
+  # shipped commit 8054d22 2026-05-15) does NOT yet extract L4T
+  # release from blob content. These pins will fire when a future
+  # enhancement adds L4T release extraction (e.g. parse
+  # /etc/nv_tegra_release on the firmware tree → populate
+  # firmware.device_metadata["l4t_release"], OR scan Tegra-blob
+  # head for "R<N> (release), REVISION: <x.y>" banner string and
+  # store in blob.metadata). Until then the pins are documented
+  # forward-prepared entries — strict version_regex prevents
+  # over-attribution (Reviewer B 2026-05-18 discipline).
+  #
+  # OUT OF SCOPE this session per user direction: CVE-2021-34373..
+  # 34396 from the same NVIDIA security bulletin disclosure batch.
+  # The per-NVD-CPE recipe applies recursively for any future session
+  # extending Tegra coverage — DO NOT batch-extrapolate. Each CVE
+  # gets its own NVD WebFetch verification before pinning.
+  #
+  # Tegra chipset codes: T210 = TX1/Nano (Maxwell), T186 = TX2
+  # (Pascal), T194 = Xavier (Volta), T234 = Orin (Ampere; not
+  # affected by any of these 6 CVEs per NVD CPE).
+  # ===================================================================
+
+  - name: Tegra TX1 nvtboot Selfblow (CVE-2019-5680)
+    vendor: nvidia
+    category: bootloader
+    chipset_regex: "(?i)^(t210|tegra210|tx1)$"
+    version_regex: "(?i)(r3[01]\\b|r32\\.[01]\\b|r32\\.0\\.|r32\\.1\\.)"
+    strict_chipset: false
+    cves:
+      - CVE-2019-5680
+    severity: high
+    cvss_score: 6.7
+    notes: |
+      nvtboot load-address validation bypass on Tegra TX1 (T210).
+      NVD CPE: jetson_tx1_firmware versionEndExcluding=r32.2.
+      TX1-ONLY — explicitly EXCLUDES TX2 / Xavier / Nano.
+      Fix landed in L4T R32.2 (June 2019); R32.2 IS the fix cohort
+      (Reviewer B 2026-05-18 caught earlier R32.3.1 mis-attribution).
+      Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-5680
+
+  - name: Tegra NV3P USB recovery bounds-check (CVE-2021-1111)
+    vendor: nvidia
+    category: bootloader
+    chipset_regex: "(?i)^(t186|t194|tegra186|tegra194|tx2|tx2-nx|tx2nx|xavier-nx|xaviernx|agx-xavier|agxxavier)$"
+    version_regex: "(?i)(r32\\.[1-5]\\b|r32\\.6\\.0\\b|r32\\.[1-5]\\.|r32\\.6\\.0\\.)"
+    strict_chipset: false
+    cves:
+      - CVE-2021-1111
+    severity: medium
+    cvss_score: 6.0
+    notes: |
+      NV3P recovery-mode bounds-check failure (USB physical access).
+      NVD CPE: jetson_linux versionStartIncluding=32.1 AND
+      versionEndExcluding=32.6.1. Hardware = AGX-Xavier + TX2 +
+      TX2-NX + Xavier-NX ONLY. TX1 + Nano + Nano-2GB EXPLICITLY
+      EXCLUDED per NVD (contradicts session-prompt's "ALL Jetsons"
+      claim — NVD wins per Rule #19 evidence-first).
+      Fix in L4T R32.6.1 (Aug 2021).
+      Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-1111
+
+  - name: Tegra Trusty OTE integer overflow (CVE-2021-34372)
+    vendor: nvidia
+    category: tee
+    version_regex: "(?i)(r3[01]\\b|r32\\.[0-4]\\b|r32\\.5\\.0\\b|r3[01]\\.|r32\\.[0-4]\\.|r32\\.5\\.0\\.)"
+    strict_chipset: false
+    cves:
+      - CVE-2021-34372
+    severity: high
+    cvss_score: 7.8
+    notes: |
+      Integer overflow in malloc() size calc in Trusty OS OTE
+      protocol parser. NVD CPE: jetson_linux versionEndExcluding=
+      32.5.1. Hardware list = ALL Jetsons (TX1 + TX2 family + AGX-
+      Xavier + Xavier-NX + Nano + Nano-2GB) — the broadest scope of
+      the 6 Tegra CVEs.
+      Session prompt claimed product=tegra_tos_trusty; NVD CPE uses
+      product=jetson_linux (NVD wins per Rule #19). wairz curated
+      schema has no `product` field; we narrow via vendor=nvidia +
+      category=tee instead. Fix in L4T R32.5.1.
+      Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-34372
+
+  - name: Tegra MB2 free-the-wrong-heap (CVE-2021-34397)
+    vendor: nvidia
+    category: bootloader
+    chipset_regex: "(?i)^(t186|t194|tegra186|tegra194|tx2|tx2-4gb|tx2-nx|tx2nx|tx2i|xavier-nx|xaviernx|agx-xavier|agxxavier)$"
+    version_regex: "(?i)(r3[01]\\b|r32\\.[0-4]\\b|r32\\.5\\.0\\b|r3[01]\\.|r32\\.[0-4]\\.|r32\\.5\\.0\\.)"
+    strict_chipset: false
+    cves:
+      - CVE-2021-34397
+    severity: medium
+    cvss_score: 5.5
+    notes: |
+      MB2 bootloader free-the-wrong-heap → limited DoS. NVD CPE:
+      jetson_linux versionEndExcluding=32.5.1. Hardware anchors =
+      AGX-Xavier (8/16/32GB) + TX2 (incl. 4GB/i/NX) + Xavier-NX
+      (dev/prod). TX1 + Nano EXPLICITLY EXCLUDED per NVD.
+      Fix in L4T R32.5.1.
+      Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-34397
+
+  - name: Tegra Trusty SMC input validation (CVE-2022-42269)
+    vendor: nvidia
+    category: tee
+    chipset_regex: "(?i)^(t210|t186|t194|tegra210|tegra186|tegra194|tx1|tx2|tx2-4gb|tx2-nx|tx2nx|tx2i|xavier-nx|xaviernx|xavier-nx-16gb|agx-xavier|agxxavier|agx-xavier-8gb|agx-xavier-16gb|agx-xavier-32gb|agx-xavier-64gb|agx-xavier-industrial)$"
+    version_regex: "(?i)(r3[01]\\b|r32\\.[0-6]\\b|r32\\.7\\.[01]\\b|r3[01]\\.|r32\\.[0-6]\\.|r32\\.7\\.[01]\\.)"
+    strict_chipset: false
+    cves:
+      - CVE-2022-42269
+    severity: high
+    cvss_score: 7.9
+    notes: |
+      Trusty OS SMC handler missing input validation → info disclosure
+      + integrity compromise. NVD CPE: jetson_linux versionEnd
+      Excluding=32.7.2. Hardware anchors INCLUDE jetson_tx1 in
+      addition to AGX-Xavier (6 SKUs) + TX2 (4 SKUs incl. TX2-NX) +
+      Xavier-NX (2 SKUs) — contradicts session-prompt's
+      "AGX-Xavier/TX2/Xavier-family" scope which omitted TX1.
+      NVD wins per Rule #19 evidence-first; TX1 added to
+      chipset_regex. Jetson Nano (also T210 but a different
+      hardware anchor) is NOT in the NVD CPE list and is excluded.
+      Fix in L4T R32.7.2 (Aug 2022).
+      Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-42269
+
+  - name: NVDLA emu_task_submit Xavier-only (CVE-2022-42270)
+    vendor: nvidia
+    category: kernel_module
+    chipset_regex: "(?i)^(t194|tegra194|xavier-nx|xaviernx|xavier-nx-16gb|agx-xavier|agxxavier|agx-xavier-8gb|agx-xavier-16gb|agx-xavier-32gb|agx-xavier-64gb|agx-xavier-industrial)$"
+    version_regex: "(?i)(r3[01]\\b|r32\\.[0-6]\\b|r32\\.7\\.[01]\\b|r3[01]\\.|r32\\.[0-6]\\.|r32\\.7\\.[01]\\.)"
+    strict_chipset: false
+    cves:
+      - CVE-2022-42270
+    severity: high
+    cvss_score: 7.8
+    notes: |
+      NVDLA emu_task_submit stack-based buffer overflow. NVD CPE:
+      jetson_linux versionEndExcluding=32.7.2. Xavier-ONLY: NVDLA
+      Deep Learning Accelerator is only on T194/Xavier silicon.
+      Hardware anchors = AGX-Xavier (6 SKUs) + Xavier-NX (2 SKUs).
+      TX1 / TX2 / Nano EXPLICITLY EXCLUDED per NVD.
+      category=kernel_module because NVDLA driver lives in
+      nvidia.ko / nvgpu kernel module.
+      Fix in L4T R32.7.2.
+      Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-42270