Multiple vulnerabilities in NVIDIA SHIELD TV



Published: 2018-02-21
Risk: Low
Patch available: YES
Number of vulnerabilities: 8
CVE-ID: CVE-2017-6282, CVE-2017-6279, CVE-2017-6295, CVE-2017-13175, CVE-2017-6276, CVE-2017-6283, CVE-2017-6284, CVE-2017-6296
CWE-ID: CWE-787, CWE-264, CWE-125, CWE-416, CWE-200
Exploitation vector: Local
Public exploit: Public exploit code is available for vulnerabilities #1, #2, #4 and #5.
Vulnerable software: SHIELD TV (Hardware solutions / Firmware)
Vendor: nVidia

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU10668

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-6282

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a flaw in NVMAP in the NVIDIA Tegra kernel driver. A local attacker can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Update to version 6.3.

Vulnerable software versions

SHIELD TV: 6.0 - 6.2

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/4631


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

2) Privilege escalation

EUVDB-ID: #VU10669

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-6279

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a flaw in OMX.Nvidia.aac.decoder in the NVIDIA Tegra OpenMax Component. A local attacker can disable the dead code to avoid malicious software, instantiate the vulnerable component and cause the service to crash or gain elevated privileges.

Mitigation

Update to version 6.3.

Vulnerable software versions

SHIELD TV: 6.0 - 6.2

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/4631


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

3) Out-of-bounds read

EUVDB-ID: #VU10670

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6295

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information or cause a DoS condition on the target system.

The weakness exists due to a flaw in the Keymaster implementation in NVIDIA TrustZone Software. A local attacker can trigger an out-of-bounds read and gain read access to important data or cause the service to crash.

Mitigation

Update to version 6.3.

Vulnerable software versions

SHIELD TV: 6.0 - 6.2

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/4631


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free error

EUVDB-ID: #VU10671

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13175

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a flaw in OMX.Nvidia.audio.render in the NVIDIA Tegra OpenMax Component. A local attacker can use mediaserver to trigger a use-after-free error and cause the service to crash or possibly gain elevated privileges.

Mitigation

Update to version 6.3.

Vulnerable software versions

SHIELD TV: 6.0 - 6.2

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/4631


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

5) Use-after-free error

EUVDB-ID: #VU10672

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-6276

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a flaw in LIBNVMMLITE_VIDEO.SO in the NVIDIA OpenMax Component. A local attacker can use mediaserver to trigger a use-after-free error and cause the service to crash or possibly gain elevated privileges.

Mitigation

Update to version 6.3.

Vulnerable software versions

SHIELD TV: 6.0 - 6.2

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/4631


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

6) Information disclosure

EUVDB-ID: #VU10673

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6283

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a flaw in the RSA function in the NVIDIA Security Engine. A local attacker can clear the keyslot read/write lock permissions on a chip reset and gain read access to important data.

Mitigation

Update to version 6.3.

Vulnerable software versions

SHIELD TV: 6.0 - 6.2

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/4631


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Information disclosure

EUVDB-ID: #VU10674

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6284

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a flaw in the Deterministic Random Bit Generator (DRBG) in the NVIDIA Security Engine, caused by improper initialization and by storing or transmitting sensitive data using a weakened encryption scheme. A local attacker can gain read access to important data.

Mitigation

Update to version 6.3.

Vulnerable software versions

SHIELD TV: 6.0 - 6.2

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/4631


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Privilege escalation

EUVDB-ID: #VU10675

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6296

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a TOCTOU issue in the DRM application in NVIDIA TrustZone Software. A local attacker can cause the service to crash or gain elevated privileges.

Mitigation

Update to version 6.3.

Vulnerable software versions

SHIELD TV: 6.0 - 6.2

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/4631


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


