NVIDIA TX1 Boot ROM Vulnerability

2018-06-20T16:00:00
ID CISCO-SA-20180620-NVIDIA-TX1-ROM
Type cisco
Reporter Cisco
Modified 2018-06-20T14:03:52

Description

On April 24, 2018, researchers disclosed a vulnerability that takes advantage of a buffer overflow vulnerability in NVIDIA TX1 BootROM when Recovery Mode (RCM) is active. This vulnerability could allow an unprivileged, local attacker to bypass secure boot and execute unverified code on an affected system.

The vulnerability has been identified by CVE-2018-6242.

To exploit this vulnerability, an attacker must be able to physically access the device along with the affected processor’s USB connection. This vulnerability cannot be exploited remotely, even if the device is connected to the Internet.

Cisco has identified all products that use the NVIDIA TX1 processor and has released software updates to address this vulnerability. The software update will permanently disable the ability to activate RCM. Should customers attempt to downgrade their software version, the ability to activate RCM will no longer be available.

On April 24, 2018, researchers disclosed a vulnerability that takes advantage of a buffer overflow vulnerability in NVIDIA TX1 BootROM when Recovery Mode (RCM) is active. This vulnerability could allow an unprivileged, local attacker to bypass secure boot and execute unverified code on an affected system.

The vulnerability has been identified by CVE-2018-6242.

To exploit this vulnerability, an attacker must be able to physically access the device along with the affected processor’s USB connection. This vulnerability cannot be exploited remotely, even if the device is connected to the Internet.

Cisco has identified all products that use the NVIDIA TX1 processor and has released software updates to address this vulnerability. The software update will permanently disable the ability to activate RCM. Should customers attempt to downgrade their software version, the ability to activate RCM will no longer be available.

There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nvidia-tx1-rom ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nvidia-tx1-rom"]