#VU13832 Out-of-bounds write in SHIELD TV - CVE-2017-6294
Published: July 12, 2018
Vulnerability identifier: #VU13832
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-6294
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
SHIELD TV
SHIELD TV
Software vendor:
nVidia
nVidia
Description
The vulnerability allows a physical unauthenticated attacker to gain elevated privileges on the target system.
The weakness exists due to a flaw in the logging driver in NVIDIA TLK TrustZone OS. A physical attacker can cause the software to write data after the end or before the beginning of the intended buffer and cause the service to crash or execute arbitrary code execution with elevated privileges.
The weakness exists due to a flaw in the logging driver in NVIDIA TLK TrustZone OS. A physical attacker can cause the software to write data after the end or before the beginning of the intended buffer and cause the service to crash or execute arbitrary code execution with elevated privileges.
Remediation
Update to version 7.0.