Multiple vulnerabilities in NVIDIA SHIELD TV



Published: 2022-01-12
Risk Low
Patch available YES
Number of vulnerabilities 10
CVE-ID CVE-2021-1106
CVE-2021-1107
CVE-2021-1108
CVE-2021-1112
CVE-2021-34401
CVE-2021-34402
CVE-2021-34403
CVE-2021-34404
CVE-2021-34405
CVE-2021-34406
CWE-ID CWE-264
CWE-284
CWE-190
CWE-476
CWE-119
CWE-416
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
SHIELD TV
Hardware solutions / Firmware

Vendor nVidia

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

1) Security restrictions bypass

EUVDB-ID: #VU55581

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1106

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in nvmap in NVIDIA Linux kernel distributions due to possibility to perform writes to read-only buffers. A local user can execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SHIELD TV: 6.0 - 8.0


CPE2.3 External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5259

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper access control

EUVDB-ID: #VU55582

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1107

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access control restrictions in nvmap NVMAP_IOC_WRITE* paths. A local user can execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SHIELD TV: 6.0 - 8.0


CPE2.3 External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5259

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Integer overflow

EUVDB-ID: #VU55583

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1108

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow in FuSa Capture (VI/ISP). A local user can run a specially crafted program to execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SHIELD TV: 6.0 - 8.0


CPE2.3 External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5259

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU55588

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1112

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in nvmap. A local userr can pass specially crafted data to the system and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SHIELD TV: 6.0 - 8.0


CPE2.3 External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5259

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper access control

EUVDB-ID: #VU59554

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34401

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in nvmap NVGPU_IOCTL_CHANNEL_SET_ERROR_NOTIFIER. A malicious application can bypass implemented security restrictions and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SHIELD TV: 6.0 - 8.0


CPE2.3 External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5259

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU59555

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34402

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a boundary error within NVIDIA NVDEC in NVIDIA Tegra kernel driver. A malicious application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SHIELD TV: 6.0 - 8.0


CPE2.3 External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5259

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU59556

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34403

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nvmap ioctl. A malicious application can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SHIELD TV: 6.0 - 8.0


CPE2.3 External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5259

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU59557

Risk: Low

CVSSv3.1: 6.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34404

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to failure to limit access AHB-DMA in BROM, as distributed with Android images for T210 provided by NVIDIA. An attacker with physical access to device execute arbitrary actions beyond the security scope of BROM.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SHIELD TV: 6.0 - 8.0


CPE2.3 External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5259

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU59558

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34405

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a malicious application to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in in TrustZone’s TEE_Malloc function. A malicious application can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SHIELD TV: 6.0 - 8.0


CPE2.3 External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5259

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

EUVDB-ID: #VU59559

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34406

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a malicious application to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in NVHost. A malicious application can trigger a race condition and reboot the system, resulting in DoS.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SHIELD TV: 6.0 - 8.0


CPE2.3 External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5259

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###