Out-of-bounds write in SHIELD TV

#VU13832 Out-of-bounds write in SHIELD TV

Published: 2018-07-12

Vulnerability identifier: #VU13832

Vulnerability risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6294

CWE-ID: CWE-787

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
SHIELD TV
Hardware solutions / Firmware

Vendor: nVidia

Description
The vulnerability allows a physical unauthenticated attacker to gain elevated privileges on the target system.

The weakness exists due to a flaw in the logging driver in NVIDIA TLK TrustZone OS. A physical attacker can cause the software to write data after the end or before the beginning of the intended buffer and cause the service to crash or execute arbitrary code execution with elevated privileges.

Mitigation
Update to version 7.0.

Vulnerable software versions

SHIELD TV: 6.0 - 6.3

External links
http://nvidia.custhelp.com/app/answers/detail/a_id/4682

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in nVidia SHIELD TV