Security Bulletin: NVIDIA SHIELD TV - January 2021

2021-01-19T00:00:00
ID NVIDIA:5148
Type nvidia
Reporter Nvidia
Modified 2021-01-19T12:02:00

Description

Details

This section summarizes the potential impact that this security update addresses. Descriptions use CWE™, and base scores and vectors use CVSS V3.1 standards.

CVE IDs | Description | Base Score | Vector
---|---|---|---
CVE‑2021‑1068 | NVIDIA SHIELD TV contains a vulnerability in the NVDEC component, in which an attacker can read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or escalation of privileges. | 7.8 | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE‑2021‑1069 | NVIDIA SHIELD TV contains a vulnerability in the NVHost function, which may lead to abnormal reboot due to a null pointer reference, causing data loss. | 6.1 | AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVE‑2021‑1067 | NVIDIA SHIELD TV contains a vulnerability in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration Block, which may lead to denial of service or escalation of privileges. | 5.7 | AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.