Integer overflow in SHIELD TV - CVE-2017-6292

 


Published: July 12, 2018


Vulnerability identifier: #VU13833
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-6292
CWE-ID: CWE-190
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: nVidia
Affected software:
SHIELD TV

Detailed vulnerability description

The vulnerability allows a physical unauthenticated attacker to gain elevated privileges on the target system.

The weakness exists due to a flaw in the TA-to-TA communication handler in the NVIDIA TLK TrustZone OS, where the software performs a calculation that can produce an integer overflow or wraparound while the logic assumes that the resulting value will always be larger than the original value. A physical attacker can trigger the overflow and cause the service to crash or execute arbitrary code with elevated privileges.
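The flawed assumption described above, shown as a generic bounds check next to two hardened forms. This is an added illustration of CWE-190 and is not NVIDIA TLK code; the function names, the offset/length request layout and the 4096-byte buffer are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Flawed: assumes offset + len is never smaller than offset.
 * uint32_t addition wraps modulo 2^32, so a huge offset plus a small
 * len yields a small "end" that passes the bounds check. */
bool range_ok_unchecked(uint32_t offset, uint32_t len, uint32_t buf_size)
{
    uint32_t end = offset + len;          /* may wrap around */
    return end <= buf_size;
}

/* Hardened: reorder the comparison so no arithmetic can wrap. */
bool range_ok_checked(uint32_t offset, uint32_t len, uint32_t buf_size)
{
    return offset <= buf_size && len <= buf_size - offset;
}

/* Hardened alternative: GCC/Clang builtin reports the wrap explicitly. */
bool range_ok_builtin(uint32_t offset, uint32_t len, uint32_t buf_size)
{
    uint32_t end;
    if (__builtin_add_overflow(offset, len, &end))
        return false;                     /* sum does not fit in 32 bits */
    return end <= buf_size;
}

int main(void)
{
    /* Constructed sample requests {offset, len} for a hypothetical buffer. */
    const uint32_t buf_size = 4096;
    const uint32_t reqs[][2] = {
        {16, 100}, {4000, 97}, {0xFFFFFFF0u, 0x20u},
    };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        uint32_t off = reqs[i][0], len = reqs[i][1];
        printf("offset=0x%08x len=0x%08x unchecked=%d checked=%d builtin=%d\n",
               (unsigned)off, (unsigned)len,
               range_ok_unchecked(off, len, buf_size),
               range_ok_checked(off, len, buf_size),
               range_ok_builtin(off, len, buf_size));
    }
    return 0;
}
```

Only the third request separates the implementations: the unchecked version accepts it because the sum wraps to 0x10, while both hardened versions reject it.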

How to mitigate CVE-2017-6292

Update to version 7.0.
