#VU13833 Integer overflow in SHIELD TV
Vulnerability identifier: #VU13833
Vulnerability risk: Medium
CVSSv3.1: 6.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-190
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
SHIELD TV
Hardware solutions /
Firmware
Vendor: nVidia
Description
The vulnerability allows a physical unauthenticated attacker to gain elevated privileges on the target system.
The weakness exists due to a flaw in the TA-to-TA communication handler in NVIDIA TLK TrustZone OS where the software performs a calculation. A physical attacker can trigger integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value, and and cause the service to crash or execute arbitrary code execution with elevated privileges.
Mitigation
Update to version 7.0.
Vulnerable software versions
SHIELD TV: 6.0 - 6.3
External links
http://nvidia.custhelp.com/app/answers/detail/a_id/4682
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
