Lucene search

K
nvidiaNvidiaNVIDIA:4549
HistoryOct 05, 2017 - 12:00 a.m.

Security Bulletin: NVIDIA Shield TV contains multiple vulnerabilities; update on "BlueBorne"

2017-10-0500:00:00
nvidia.custhelp.com
48

Vulnerability Details

The following sections summarize the vulnerabilities. Descriptions use CWE™ and risk assessments follow CVSS.

CVE-2017-6248 and CVE-2017-6249

NVIDIA Tegra kernel audio driver contains a vulnerability in Audio DSP where an invalid user parameter may be copied without a check on the size of input, which may lead to denial of service or possible escalation of privileges.

CVSS Base Score: 9.2
CVSS Temporal Score: 8.3
CVSS Vector: CVSS: 3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H/E:P/RL:O/RC:C

CVE-2017-0326

NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an input buffer is copied to an output buffer without a check on the size of the input buffer, which may lead to denial of service.

CVSS Base Score: 8.5
CVSS Temporal Score: 7.6
CVSS Vector: CVSS: 3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:H/E:P/RL:O/RC:C

CVE-2017-6258

NVIDIA OpenMax Component contains a vulnerability in LIBNVOMX where there is the potential for secure decode to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges.

CVSS Base Score: 7.1
CVSS Temporal Score: 6.4
CVSS Vector: CVSS: 3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N/E:P/RL:O/RC:C

CVE-2017-6247

NVIDIA Tegra kernel audio driver contains a vulnerability in Audio DSP where an invalid user parameter may be copied without a check on the size of input, which may lead to denial of service or possible escalation of privileges.

CVSS Base Score: 5.2
CVSS Temporal Score: 4.7
CVSS Vector: CVSS: 3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785

Android vulnerabilities that have been referred to as “BlueBorne” were disclosed in the September 2017 Android Security Bulletin. Shield TV has addressed the applicable CVEs. For more information about these issues, visit the Android website.

NVIDIA’s risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk of your specific configuration. NVIDIA doesn’t know of any exploits to these issues at this time.

CPENameOperatorVersion
shield tvle6.0