The following sections summarize the vulnerabilities. Descriptions use CWE™ and risk assessments follow CVSS.
NVIDIA Tegra kernel audio driver contains a vulnerability in Audio DSP where an invalid user parameter may be copied without a check on the size of input, which may lead to denial of service or possible escalation of privileges.
CVSS Base Score: 9.2
CVSS Temporal Score: 8.3
CVSS Vector: CVSS: 3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H/E:P/RL:O/RC:C
NVIDIA Tegra kernel driver contains a vulnerability in NVMAP
where an input buffer is copied to an output buffer without a check on the size of the input buffer, which may lead to denial of service.
CVSS Base Score: 8.5
CVSS Temporal Score: 7.6
CVSS Vector: CVSS: 3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:H/E:P/RL:O/RC:C
NVIDIA OpenMax Component contains a vulnerability in LIBNVOMX
where there is the potential for secure decode to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges.
CVSS Base Score: 7.1
CVSS Temporal Score: 6.4
CVSS Vector: CVSS: 3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N/E:P/RL:O/RC:C
NVIDIA Tegra kernel audio driver contains a vulnerability in Audio DSP where an invalid user parameter may be copied without a check on the size of input, which may lead to denial of service or possible escalation of privileges.
CVSS Base Score: 5.2
CVSS Temporal Score: 4.7
CVSS Vector: CVSS: 3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Android vulnerabilities that have been referred to as “BlueBorne” were disclosed in the September 2017 Android Security Bulletin. Shield TV has addressed the applicable CVEs. For more information about these issues, visit the Android website.
NVIDIA’s risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk of your specific configuration. NVIDIA doesn’t know of any exploits to these issues at this time.