High-Severity Vulnerabilities in Tegra Drivers Patched by NVIDIA

This week, NVIDIA issued security patches to address numerous flaws in the Tegra Linux Driver Package (L4T), including many defects rated “high” severity.

CVE‑2018‑6269, a flaw in the Tegra kernel driver, is one of the most significant bugs. It affects the input/output control (IOCTL) handling of user-mode requests and could result in information disclosure, denial of service (DoS), escalation of privileges, or code execution through an untrusted pointer dereference.

According to NVIDIA, based on its CVSS score of 8.4, the second most serious flaw is CVE‑2017‑6278. Sitting in the Tegra kernel’s CORE dynamic voltage and frequency scaling (DVFS) thermal driver, the flaw allows one to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or escalation of privileges.

A third serious vulnerability, CVE‑2018‑6267 (CVSS score 8.4), was found in the Tegra OpenMax driver (libnvomx). It consists of a missing user metadata check that could allow invalid metadata to pass as valid, leading to a DoS condition or escalation of privileges.

CVE‑2018‑6271, another high-risk vulnerability addressed in this round of patches, also resides in the Tegra OpenMax driver and is caused by invalid or incorrectly validated input.

NVIDIA also addressed a significant weakness in the Tegra kernel driver’s ARM System Memory Management Unit (SMMU), which could result in denial of service (CVE‑2019‑5673), and another in the Tegra OpenMax driver, which could lead to denial of service or escalation of privileges (CVE‑2018‑6268).

Other flaws addressed this week may lead to information disclosure, denial of service or escalation of privileges. The updates should also mitigate side-channel attacks, particularly Variant 4 of the speculative execution attack methods known as Meltdown and Spectre.

NVIDIA further said that the majority of these flaws require local access to the targeted system, but the attack complexity is low for most of them.
