Vulnerability identifier: #VU13832
Vulnerability risk: Medium
CVSSv3.1: 6.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-787
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
SHIELD TV
Hardware solutions /
Firmware
Vendor: nVidia
Description
The vulnerability allows a physical unauthenticated attacker to gain elevated privileges on the target system.
The weakness exists due to a flaw in the logging driver in NVIDIA TLK TrustZone OS. A physical attacker can cause the software to write data after the end or before the beginning of the intended buffer and cause the service to crash or execute arbitrary code execution with elevated privileges.
Mitigation
Update to version 7.0.
Vulnerable software versions
SHIELD TV: 6.0 - 6.3
External links
http://nvidia.custhelp.com/app/answers/detail/a_id/4682
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.