Out-of-bounds write in SHIELD TV - CVE-2017-6294
Published: July 12, 2018
Vulnerability identifier: #VU13832
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-6294
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: nVidia
Affected software:
SHIELD TV
SHIELD TV
Detailed vulnerability description
The vulnerability allows a physical unauthenticated attacker to gain elevated privileges on the target system.
The weakness exists due to a flaw in the logging driver in NVIDIA TLK TrustZone OS. A physical attacker can cause the software to write data after the end or before the beginning of the intended buffer and cause the service to crash or execute arbitrary code execution with elevated privileges.
The weakness exists due to a flaw in the logging driver in NVIDIA TLK TrustZone OS. A physical attacker can cause the software to write data after the end or before the beginning of the intended buffer and cause the service to crash or execute arbitrary code execution with elevated privileges.
How to mitigate CVE-2017-6294
Update to version 7.0.