ID CVE-2017-0448 Type cve Reporter cve@mitre.org Modified 2017-07-25T01:29:00
Description
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-32721029. References: N-CVE-2017-0448.
{"id": "CVE-2017-0448", "bulletinFamily": "NVD", "title": "CVE-2017-0448", "description": "An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-32721029. References: N-CVE-2017-0448.", "published": "2017-02-08T15:59:00", "modified": "2017-07-25T01:29:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0448", "reporter": "cve@mitre.org", "references": ["https://source.android.com/security/bulletin/2017-02-01.html", "http://www.securitytracker.com/id/1037798", "http://www.securityfocus.com/bid/96105"], "cvelist": ["CVE-2017-0448"], "type": "cve", "lastseen": "2021-02-02T06:36:30", "edition": 6, "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "nvidia", "idList": ["NVIDIA:4635", "NVIDIA:4490"]}], "modified": "2021-02-02T06:36:30", "rev": 2}, "score": {"value": 4.5, "vector": "NONE", "modified": "2021-02-02T06:36:30", "rev": 2}, "vulnersScore": 4.5}, "cpe": ["cpe:/o:linux:linux_kernel:3.10", "cpe:/o:google:android:7.1.1"], "affectedSoftware": [{"cpeName": "linux:linux_kernel", "name": "linux linux kernel", "operator": "eq", "version": "3.10"}, {"cpeName": "google:android", "name": "google android", "operator": "le", "version": "7.1.1"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "cpe23": ["cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*"], "cwe": ["CWE-200"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "versionEndIncluding": "7.1.1", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "tags": ["Patch", "Vendor Advisory"], "url": "https://source.android.com/security/bulletin/2017-02-01.html"}, {"name": "96105", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96105"}, {"name": "1037798", "refsource": "SECTRACK", "tags": [], "url": "http://www.securitytracker.com/id/1037798"}], "immutableFields": []}
{"nvidia": [{"lastseen": "2020-12-24T11:49:09", "bulletinFamily": "software", "cvelist": ["CVE-2016-6776", "CVE-2017-0328", "CVE-2017-0339", "CVE-2017-0448", "CVE-2017-6248", "CVE-2017-6274", "CVE-2017-6275", "CVE-2017-6276", "CVE-2017-6278", "CVE-2017-6282", "CVE-2017-6283"], "description": "### Vulnerability Details\n\nThe following sections summarize the potential vulnerabilities. Descriptions use [CWE\u2122](<https://cwe.mitre.org/>) and risk assessments follow [CVSS](<https://www.first.org/cvss/user-guide>).\n\n#### CVE-2017-6282\n\nNVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an attacker has the ability to write an arbitrary value to an arbitrary location, which may lead to an escalation of privileges.\n\nCVSS Base Score: 9.3 \nCVSS Temporal Score: 8.4 \nCVSS Vector: CVSS:3.0/[AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=A/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/R>)\n\n#### CVE- 2017-6248\n\nNVIDIA Tegra kernel audio driver contains a vulnerability in Audio Digital Signal Processor (DSP) in the case of invalid user parameter, leading to denial of service or escalation of privileges.\n\nCVSS Base Score: 9.2 \nCVSS Temporal Score: 8.3 \nCVSS Vector: CVSS:3.0/[AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H/E:P/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H/E:P/RL:O/RC:C>)\n\n#### CVE-2017-0328\n\nNVIDIA Tegra kernel driver contains a vulnerability in NVIDIA crypto where software does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator, which may lead to denial of service.\n\nCVSS Base Score: 9.0 \nCVSS Temporal Score: 8.1 \nCVSS Vector: CVSS:3.0/[AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H/E:P/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H/E:P/RL:O/RC:C>)\n\n#### CVE-2016-6776\n\nNVIDIA Tegra kernel driver contains a vulnerability in the NVHOST driver where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges.\n\nCVSS Base Score: 8.4 \nCVSS Temporal Score: 7.6 \nCVSS Vector: CVSS:3.0/[AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C>)\n\n#### CVE-2017-6275\n\nNVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal driver where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges.\n\nCVSS Base Score: 8.4 \nCVSS Temporal Score: 7.6 \nCVSS Vector: CVSS:3.0/[AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C>)\n\n#### CVE-2017-6278\n\nNVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal driver where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges.\n\nCVSS Base Score: 8.4 \nCVSS Temporal Score: 7.6 \nCVSS Vector: CVSS:3.0/[AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C>)\n\n#### CVE-2017-6276\n\nNVIDIA Tegra OpenMax Component contains a vulnerability in `LIBNVMMLITE_VIDEO.SO`, where the media server may be referencing memory after it has been freed, which may lead to denial of service or possible escalation of privileges.\n\nCVSS Base Score: 7.8 \nCVSS Temporal Score: 7.0 \nCVSS Vector: CVSS:3.0/[AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C>)\n\n#### CVE-2017-0339\n\nNVIDIA Tegra crypto-dev driver contains a vulnerability in the handling of IOCTLs in which a value is passed to the kernel driver without validation possibly causing array index issues, which may lead to information disclosure, denial of service, or code execution.\n\nCVSS Base Score: 7.8 \nCVSS Temporal Score: 6.8 \nCVSS Vector: CVSS:3.0/[AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C>)\n\n#### CVE-2017-6283\n\nNVIDIA Security Engine contains a vulnerability in the RSA function where the keyslot read/write lock permissions are cleared on a chip reset, which may lead to information disclosure.\n\nCVSS Base Score: 7.1 \nCVSS Temporal Score: 6.8 \nCVSS Vector: CVSS:3.0/[AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:X/RL:T/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:X/RL:T/RC:C>)\n\n#### CVE-2017-0448\n\nNVIDIA Tegra kernel driver contains a vulnerability in NVHOST where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges.\n\nCVSS Base Score: 7.1 \nCVSS Temporal Score: 6.4 \nCVSS Vector: CVSS:3.0/[AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C>)\n\n#### CVE-2017-6274\n\nNVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal driver where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges.\n\nCVSS Base Score: 6.7 \nCVSS Temporal Score: 6.0 \nCVSS Vector: CVSS:3.0/[AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C>)\n\n_NVIDIA\u2019s risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk of your specific configuration. NVIDIA doesn\u2019t know of any exploits to these issues at this time._\n\n### Affected Software\n\nThe following table lists supported software versions and driver branches that are affected by the issues described in this bulletin. For available security updates, see Software Security Updates.\n\nNote that the table may not be a comprehensive list of all impacted software versions or driver branches and may be updated as more information becomes available. For the latest information, check for updates to this bulletin or go to [NVIDIA Product Security](<http://www.nvidia.com/product-security>) to subscribe to security bulletin notifications.\n\nAdditionally, support may have expired for certain software versions or driver branches. For information about software versions or driver branches that are no longer supported, contact [NVIDIA Support](<http://www.nvidia.com/object/support.html>) with any questions.\n\n**CVEs** | **Product** | **OS** | **Version** \n---|---|---|--- \nCVE-2017-0328 \nCVE-2017-0339 \nCVE-2017-6248 \nCVE-2017-6274 \nCVE-2017-6275 \nCVE-2017-6276 \nCVE-2017-6278 \nCVE-2017-6282 \nCVE-2017-6283 | Jetson TX1 | Linux for Tegra | BSP 24.2.2 and prior \nBSP 28.1 and prior \nCVE-2017-6282 \nCVE-2017-6283 \nCVE-2017-6274 \nCVE-2017-6275 | Jetson TX2 | Linux for Tegra | BSP 28.1 and prior \nCVE-2016-6776 \nCVE-2017-0328 \nCVE-2017-0339 \nCVE-2017-0448 \nCVE-2017-6248 \nCVE-2017-6274 \nCVE-2017-6275 \nCVE-2017-6276 \nCVE-2017-6278 \nCVE-2017-6282 \nCVE-2017-6283 | Jetson TK1 and Tegra K1 | Linux for Tegra | BSP 21.6 and prior\n", "modified": "2018-06-08T14:15:00", "published": "2018-03-20T00:00:00", "id": "NVIDIA:4635", "href": "http://nvidia.custhelp.com/app/answers/detail/a_id/4635", "type": "nvidia", "title": "Security Bulletin: NVIDIA Jetson TX1, Jetson TK1, Jetson TX2, and Tegra K1 L4T Security Updates for Multiple Vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-03T00:29:30", "bulletinFamily": "software", "cvelist": ["CVE-2016-8395", "CVE-2016-8400", "CVE-2016-8424", "CVE-2016-8425", "CVE-2016-8427", "CVE-2016-8428", "CVE-2016-8429", "CVE-2016-8430", "CVE-2016-8449", "CVE-2016-8460", "CVE-2017-0331", "CVE-2017-0429", "CVE-2017-0448"], "description": "### Vulnerability Details\n\nThe following sections summarize the vulnerabilities and list their [CVSS](<https://www.first.org/cvss/user-guide>) risk assessments.\n\n#### CVE-2016-8424\n\nNVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVMAP, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges.\n\nCVSS Base Score: 7.8 \nCVSS Temporal Score: 7.0 \nCVSS Vector: [CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C>)\n\n#### CVE-2016-8425\n\nNVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVHOST, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges.\n\nCVSS Base Score: 7.8 \nCVSS Temporal Score: 7.0 \nCVSS Vector: [CVSS:3.0 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C>)\n\n#### CVE-2016-8427\n\nNVIDIA Tegra kernel driver contains a vulnerability in NVHOST, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges.\n\nCVSS Base Score: 7.8 \nCVSS Temporal Score: 7.0 \nCVSS Vector: [CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C>)\n\n#### CVE-2016-8428\n\nNVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVMAP, where there is the potential to read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges.\n\nCVSS Base Score: 7.8 \nCVSS Temporal Score: 7.0 \nCVSS Vector: [CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2016-8428&vector=AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H>)\n\n#### CVE-2016-8429\n\nNVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVMAP, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges.\n\nCVSS Base Score: 7.8 \nCVSS Temporal Score: 7.0 \nCVSS Vector: [CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C>)\n\n#### CVE-2016-8430\n\nNVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVHOST, where a user-after-free may lead to denial of service or possible escalation of privilege.\n\nCVSS Base Score: 7.8 \nCVSS Temporal Score: 7.0 \nCVSS Vector: [CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2016-8430&vector=AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H>)\n\n#### CVE-2017-0331\n\nNVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVMAP, where the offset and size can change between the check and then be used in a way that invalidates the results of the check, which may lead to a denial of service or possible escalation of privileges.\n\nCVSS Base Score: 7.8 \nCVSS Temporal Score: 7.0 \nCVSS Vector: [CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C>)\n\n#### CVE-2016-8400\n\nNVIDIA Tegra kernel driver contains a vulnerability in the NVIDIA Tegra library (`libnvrm`), where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges.\n\nCVSS Base Score 7.1 \nCVSS Temporal Score 6.4 \nCVSS Vector [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C>)\n\n#### CVE-2017-0429\n\nNVIDIA Tegra kernel driver contains a vulnerability in NVHOST, where an attacker has the ability to write an arbitrary value to an arbitrary location, which may lead to an escalation of privileges.\n\nCVSS Base Score: 7.1 \nCVSS Temporal Score: 6.4 \nCVSS Vector: [CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N/E:P/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N/E:P/RL:O/RC:C>)\n\n#### CVE-2017-0448\n\nNVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVHOST, where referencing memory after it has been freed may lead to unauthorized information disclosure.\n\nCVSS Base Score: 7.1 \nCVSS Temporal Score: 6.4 \nCVSS Vector: [CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2017-0448&vector=AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N>)\n\n#### CVE-2016-8449\n\nNVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVAVP, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges.\n\nCVSS Base Score: 7.0 \nCVSS Temporal Score: 6.3 \nCVSS Vector: [CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C>)\n\n#### CVE-2016-8460\n\nNVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVMAP, where uninitialized stack memory may be leaked to the user, leading to possible information disclosure.\n\nCVSS Base Score: 5.5 \nCVSS Temporal Score: 5.0 \nCVSS Vector: [CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C>)\n\n#### CVE-2016-8395\n\nNVIDIA Tegra kernel driver contains a vulnerability in NVIDIA Camera, where the buffer being overwritten is allocated on the stack, which may lead to a local permanent denial of service or possible escalation of privileges, which may require reflashing of the operating system to repair the device.\n\nCVSS Base Score: 4.0 \nCVSS Temporal Score: 3.6 \nCVSS Vector: [CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C>)\n\n \n\n\n_NVIDIA\u2019s risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk of your specific configuration. NVIDIA doesn\u2019t know of any exploits to these issues at this time._\n", "modified": "2017-06-22T10:55:00", "published": "2017-06-14T00:00:00", "id": "NVIDIA:4490", "href": "http://nvidia.custhelp.com/app/answers/detail/a_id/4490", "type": "nvidia", "title": "Security Bulletin: NVIDIA Shield TV and Tablet contain multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
