Nvidia says it has issued patches for eight security flaws it describes as high-severity in its Tegra CPUs. The company says the vulnerabilities could have allowed denial of service and code execution exploits on machines running the processors.
All eight fixes were issued through Nvidia’s Linux for Tegra drivers. In its documentation, the company says one of the flaws was severe enough that it could have resulted in information disclosure on machines that were successfully targeted.
It is worth noting that none of the impacted chips are part of Nvidia-powered gaming systems or PCs. In other words, consumers would not have been affected by these problems.
Nvidia names CVE‑2018‑6269 as the worst of the vulnerabilities. It was located in Tegra kernel drivers where the kernel shares information with the device. This was a very problematic vulnerability with a CVSS score of 8.8.
“Tegra kernel contains a vulnerability in the CORE DVFS Thermal driver where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges.”
Next, the company dealt with CVE‑2017‑6278, which is another kernel-level flaw. Also classed as high-severity, this vulnerability was located in the CORE dynamic voltage and frequency scaling (DVFS) thermal driver within the kernel. Nvidia explains the driver had “the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or escalation of privileges.”
Each of these could have allowed a bad actor to initiate an attack through denial of service or escalation of privileges. 6267 was caused by the driver missing user metadata checks, which could allow invalid metadata to be installed and pass as valid data.
6271 was a flaw where input is invalid and the data flow of a program could not be properly controlled. Finally, 6268 was a flaw where the driver would continue to reference memory even after it had been released.