SB2018110607 - Multiple vulnerabilities in NVIDIA SHIELD TV
Published: November 6, 2018
Security Bulletin ID
SB2018110607
Severity
Low
Patch available
YES
Number of vulnerabilities
4
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Privilege escalation (CVE-ID: CVE‑2017‑6289)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists due to a flaw in the Tegra kernel driver. A local attacker can run a specially crafted application to execute arbitrary code within the Trusted Execution Experience (TEE) with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
2) Privilege escalation (CVE-ID: CVE‑2017‑6293)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists due to a flaw in the Tegra kernel driver. A local attacker can run a specially crafted application to execute arbitrary code within the Tegra X1 TrustZone (TZ) with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
3) Privilege escalation (CVE-ID: CVE‑2017‑5715)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists due to a flaw in the Tegra kernel driver. A local attacker can run a specially crafted application to execute arbitrary code within the Trusted Little Kernel (TLK) and gain access to arbitrary data.
4) Out-of-bounds read (CVE-ID: CVE‑2018‑6246)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to a boundary error in the Tegra kernel driver. A remote attacker can trigger out-of-bounds read in the TrustZone (TZ) with system execution privileges and gain access to arbitrary data.
Remediation
Install update from vendor's website.