Security Bulletin: NVIDIA Shield TV and Tablet contain multiple vulnerabilities

Vulnerability Details

The following sections summarize the vulnerabilities and list their CVSS risk assessments.

CVE-2016-8424

NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVMAP, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges.

CVSS Base Score: 7.8
CVSS Temporal Score: 7.0
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CVE-2016-8425

NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVHOST, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges.

CVSS Base Score: 7.8
CVSS Temporal Score: 7.0
CVSS Vector: CVSS:3.0 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CVE-2016-8427

NVIDIA Tegra kernel driver contains a vulnerability in NVHOST, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges.

CVSS Base Score: 7.8
CVSS Temporal Score: 7.0
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CVE-2016-8428

NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVMAP, where there is the potential to read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges.

CVSS Base Score: 7.8
CVSS Temporal Score: 7.0
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2016-8429

NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVMAP, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges.

CVSS Base Score: 7.8
CVSS Temporal Score: 7.0
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CVE-2016-8430

NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVHOST, where a user-after-free may lead to denial of service or possible escalation of privilege.

CVSS Base Score: 7.8
CVSS Temporal Score: 7.0
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CVE-2017-0331

NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVMAP, where the offset and size can change between the check and then be used in a way that invalidates the results of the check, which may lead to a denial of service or possible escalation of privileges.

CVSS Base Score: 7.8
CVSS Temporal Score: 7.0
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CVE-2016-8400

NVIDIA Tegra kernel driver contains a vulnerability in the NVIDIA Tegra library (libnvrm), where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges.

CVSS Base Score 7.1
CVSS Temporal Score 6.4
CVSS Vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C

CVE-2017-0429

NVIDIA Tegra kernel driver contains a vulnerability in NVHOST, where an attacker has the ability to write an arbitrary value to an arbitrary location, which may lead to an escalation of privileges.

CVSS Base Score: 7.1
CVSS Temporal Score: 6.4
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N/E:P/RL:O/RC:C

CVE-2017-0448

NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVHOST, where referencing memory after it has been freed may lead to unauthorized information disclosure.

CVSS Base Score: 7.1
CVSS Temporal Score: 6.4
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C

CVE-2016-8449

NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVAVP, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges.

CVSS Base Score: 7.0
CVSS Temporal Score: 6.3
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CVE-2016-8460

NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVMAP, where uninitialized stack memory may be leaked to the user, leading to possible information disclosure.

CVSS Base Score: 5.5
CVSS Temporal Score: 5.0
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CVE-2016-8395

NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA Camera, where the buffer being overwritten is allocated on the stack, which may lead to a local permanent denial of service or possible escalation of privileges, which may require reflashing of the operating system to repair the device.

CVSS Base Score: 4.0
CVSS Temporal Score: 3.6
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

NVIDIA’s risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk of your specific configuration. NVIDIA doesn’t know of any exploits to these issues at this time.