Multiple vulnerabilities in nVidia SHIELD TV



Published: 2018-07-12
Risk: Medium
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2017-6290, CVE-2017-6294, CVE-2017-6292
CWE-ID: CWE-119, CWE-787, CWE-190
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: SHIELD TV (Hardware solutions / Firmware)
Vendor: nVidia

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Memory corruption

EUVDB-ID: #VU13831

Risk: Low

CVSSv3.1: 7.3 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6290

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local unauthenticated attacker to gain elevated privileges on the target system.

The weakness exists due to a flaw in the CORE DVFS Thermal driver in the NVIDIA Tegra kernel. A local attacker can read from or write to a buffer using an index or pointer that references a memory location after the end of the buffer, and thereby gain elevated privileges or cause the service to crash.

Mitigation

Update to version 7.0.

Vulnerable software versions

SHIELD TV: 6.0 - 6.3

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/4682


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU13832

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6294

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a physical unauthenticated attacker to gain elevated privileges on the target system.

The weakness exists due to a flaw in the logging driver in the NVIDIA TLK TrustZone OS. A physical attacker can cause the software to write data after the end or before the beginning of the intended buffer, and thereby cause the service to crash or execute arbitrary code with elevated privileges.

Mitigation

Update to version 7.0.

Vulnerable software versions

SHIELD TV: 6.0 - 6.3

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/4682


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Integer overflow

EUVDB-ID: #VU13833

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6292

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a physical unauthenticated attacker to gain elevated privileges on the target system.

The weakness exists due to a flaw in the TA-to-TA communication handler in the NVIDIA TLK TrustZone OS, where the software performs a calculation. A physical attacker can trigger an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value, and thereby cause the service to crash or execute arbitrary code with elevated privileges.

Mitigation

Update to version 7.0.

Vulnerable software versions

SHIELD TV: 6.0 - 6.3

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/4682


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


