cvelistv5 - CVE-2017-6273

CVE-2017-6273 (GCVE-0-2017-6273)

Vulnerability from cvelistv5 – Published: 2017-10-17 20:00 – Updated: 2024-09-16 23:56

Summary

Severity ?

No CVSS data available.

CWE

Denial of Service, Escalation of Privileges

Assigner

nvidia

References

URL

Tags

http://nvidia.custhelp.com/app/answers/detail/a_id/4561

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Nvidia Corporation	Jetson	Affected: Jetson TX1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:25:48.990Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jetson",
          "vendor": "Nvidia Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Jetson TX1"
            }
          ]
        }
      ],
      "datePublic": "2017-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service, Escalation of Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-17T19:57:01",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@nvidia.com",
          "DATE_PUBLIC": "2017-10-17T00:00:00",
          "ID": "CVE-2017-6273",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jetson",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Jetson TX1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Nvidia Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service, Escalation of Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
              "refsource": "CONFIRM",
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2017-6273",
    "datePublished": "2017-10-17T20:00:00Z",
    "dateReserved": "2017-02-23T00:00:00",
    "dateUpdated": "2024-09-16T23:56:24.416Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:nvidia:adsp_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BB851B1-A2FE-4ECE-9574-C3D97F1A4256\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nvidia:tegra_jetson_l4t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75F73AE3-1578-43D2-967F-2DCE8445BCF2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges.\"}, {\"lang\": \"es\", \"value\": \"NVIDIA ADSP Firmware contiene una vulnerabilidad en el componente ADSP Loader en la que es posible escribir en un espacio de la memoria que est\\u00e1 fuera de los l\\u00edmites esperados del b\\u00fafer, lo que puede provocar una denegaci\\u00f3n de servicio (DoS) o un escalado de privilegios.\"}]",
      "id": "CVE-2017-6273",
      "lastModified": "2024-11-21T03:29:24.520",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-10-17T20:29:00.433",
      "references": "[{\"url\": \"http://nvidia.custhelp.com/app/answers/detail/a_id/4561\", \"source\": \"psirt@nvidia.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://nvidia.custhelp.com/app/answers/detail/a_id/4561\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@nvidia.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-6273\",\"sourceIdentifier\":\"psirt@nvidia.com\",\"published\":\"2017-10-17T20:29:00.433\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges.\"},{\"lang\":\"es\",\"value\":\"NVIDIA ADSP Firmware contiene una vulnerabilidad en el componente ADSP Loader en la que es posible escribir en un espacio de la memoria que est\u00e1 fuera de los l\u00edmites esperados del b\u00fafer, lo que puede provocar una denegaci\u00f3n de servicio (DoS) o un escalado de privilegios.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:nvidia:adsp_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BB851B1-A2FE-4ECE-9574-C3D97F1A4256\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:tegra_jetson_l4t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75F73AE3-1578-43D2-967F-2DCE8445BCF2\"}]}]}],\"references\":[{\"url\":\"http://nvidia.custhelp.com/app/answers/detail/a_id/4561\",\"source\":\"psirt@nvidia.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://nvidia.custhelp.com/app/answers/detail/a_id/4561\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

VAR-201710-1301

Vulnerability from variot - Updated: 2023-12-18 12:57

NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges. NVIDIA ADSP The firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NVIDIA ADSP Firmware is a firmware used in a set of advanced digital signal processing units of NVIDIA Corporation. ADSP Loader is one of the bootloader components. A security vulnerability exists in the ADSP Loader component of the NVIDIA ADSP Firmware. A local attacker could exploit this vulnerability to cause a denial of service or to escalate privileges (write out of bounds)

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201710-1301",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "adsp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nvidia",
        "version": null
      },
      {
        "model": "adsp",
        "scope": null,
        "trust": 0.8,
        "vendor": "nvidia",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-586"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:nvidia:adsp_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:nvidia:tegra_jetson_l4t:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6273"
      }
    ]
  },
  "cve": "CVE-2017-6273",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-6273",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-114476",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-6273",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6273",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201710-586",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114476",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-586"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges. NVIDIA ADSP The firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NVIDIA ADSP Firmware is a firmware used in a set of advanced digital signal processing units of NVIDIA Corporation. ADSP Loader is one of the bootloader components. A security vulnerability exists in the ADSP Loader component of the NVIDIA ADSP Firmware. A local attacker could exploit this vulnerability to cause a denial of service or to escalate privileges (write out of bounds)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6273"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114476"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6273",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009530",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-586",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-114476",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-586"
      }
    ]
  },
  "id": "VAR-201710-1301",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114476"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:57:11.417000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Bulletin: NVIDIA Tegra Jetson L4T contains multiple vulnerabilities; updates for \u201cBlueBorne\u201d and \u201cDnsmasq\u201d.(CVE-2017-6273)",
        "trust": 0.8,
        "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6273"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6273"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6273"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-586"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-114476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-586"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114476"
      },
      {
        "date": "2017-11-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      },
      {
        "date": "2017-10-17T20:29:00.433000",
        "db": "NVD",
        "id": "CVE-2017-6273"
      },
      {
        "date": "2017-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-586"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114476"
      },
      {
        "date": "2017-11-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      },
      {
        "date": "2017-11-08T15:26:46.343000",
        "db": "NVD",
        "id": "CVE-2017-6273"
      },
      {
        "date": "2017-11-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-586"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-586"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NVIDIA ADSP Firmware buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-586"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2017-6273

Vulnerability from fkie_nvd - Published: 2017-10-17 20:29 - Updated: 2025-04-20 01:37

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@nvidia.com	http://nvidia.custhelp.com/app/answers/detail/a_id/4561	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://nvidia.custhelp.com/app/answers/detail/a_id/4561	Vendor Advisory

Impacted products

	Vendor	Product	Version
	nvidia	adsp_firmware	-
	nvidia	tegra_jetson_l4t	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:nvidia:adsp_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BB851B1-A2FE-4ECE-9574-C3D97F1A4256",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:nvidia:tegra_jetson_l4t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75F73AE3-1578-43D2-967F-2DCE8445BCF2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges."
    },
    {
      "lang": "es",
      "value": "NVIDIA ADSP Firmware contiene una vulnerabilidad en el componente ADSP Loader en la que es posible escribir en un espacio de la memoria que est\u00e1 fuera de los l\u00edmites esperados del b\u00fafer, lo que puede provocar una denegaci\u00f3n de servicio (DoS) o un escalado de privilegios."
    }
  ],
  "id": "CVE-2017-6273",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-17T20:29:00.433",
  "references": [
    {
      "source": "psirt@nvidia.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
    }
  ],
  "sourceIdentifier": "psirt@nvidia.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2017-AVI-362

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans NVIDIA Tegra Jetson L4T. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Jetson TK1 (R21) pour L4T/Linux
N/A	N/A	Jetson TX1 (R24) pour L4T/Linux
N/A	N/A	Jetson TK1 and Jetson TX1 (R21 et R24) pour L4T/Linux

References

Title

Publication Time

Tags

Bulletin de sécurité NVIDIA du 17 octobre 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Jetson TK1 (R21) pour L4T/Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Jetson TX1 (R24) pour L4T/Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Jetson TK1 and Jetson TX1 (R21 et R24) pour L4T/Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-6273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6273"
    },
    {
      "name": "CVE-2016-8400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8400"
    },
    {
      "name": "CVE-2016-8428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8428"
    },
    {
      "name": "CVE-2016-6916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6916"
    },
    {
      "name": "CVE-2017-0331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0331"
    },
    {
      "name": "CVE-2017-0332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0332"
    },
    {
      "name": "CVE-2016-2491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2491"
    },
    {
      "name": "CVE-2017-14491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
    },
    {
      "name": "CVE-2016-8449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8449"
    },
    {
      "name": "CVE-2017-0306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0306"
    },
    {
      "name": "CVE-2016-6917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6917"
    },
    {
      "name": "CVE-2016-6775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6775"
    },
    {
      "name": "CVE-2016-3847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3847"
    },
    {
      "name": "CVE-2017-14494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14494"
    },
    {
      "name": "CVE-2017-1000251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000251"
    },
    {
      "name": "CVE-2017-0327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0327"
    },
    {
      "name": "CVE-2016-8425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8425"
    },
    {
      "name": "CVE-2017-0429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0429"
    },
    {
      "name": "CVE-2016-6915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6915"
    },
    {
      "name": "CVE-2016-3873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3873"
    },
    {
      "name": "CVE-2017-14496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14496"
    },
    {
      "name": "CVE-2017-14493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14493"
    },
    {
      "name": "CVE-2016-8424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8424"
    },
    {
      "name": "CVE-2017-0325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0325"
    },
    {
      "name": "CVE-2017-0428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0428"
    },
    {
      "name": "CVE-2016-6776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6776"
    },
    {
      "name": "CVE-2016-6777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6777"
    },
    {
      "name": "CVE-2016-8426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8426"
    },
    {
      "name": "CVE-2016-0834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0834"
    },
    {
      "name": "CVE-2016-8395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8395"
    },
    {
      "name": "CVE-2017-0326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0326"
    },
    {
      "name": "CVE-2016-3793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3793"
    },
    {
      "name": "CVE-2016-8397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8397"
    },
    {
      "name": "CVE-2016-3814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3814"
    },
    {
      "name": "CVE-2016-8430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8430"
    },
    {
      "name": "CVE-2016-2434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2434"
    },
    {
      "name": "CVE-2017-0307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0307"
    },
    {
      "name": "CVE-2017-1000250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000250"
    },
    {
      "name": "CVE-2016-8482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8482"
    },
    {
      "name": "CVE-2016-3930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3930"
    },
    {
      "name": "CVE-2017-14492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14492"
    },
    {
      "name": "CVE-2016-8427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8427"
    },
    {
      "name": "CVE-2017-14495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14495"
    },
    {
      "name": "CVE-2016-3815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3815"
    },
    {
      "name": "CVE-2016-6789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6789"
    },
    {
      "name": "CVE-2016-8429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8429"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-362",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-10-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans NVIDIA Tegra Jetson\nL4T. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service,\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans NVIDIA Tegra Jetson L4T",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 NVIDIA du 17 octobre 2017",
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
    }
  ]
}

CERTFR-2017-AVI-362

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Jetson TK1 (R21) pour L4T/Linux
N/A	N/A	Jetson TX1 (R24) pour L4T/Linux
N/A	N/A	Jetson TK1 and Jetson TX1 (R21 et R24) pour L4T/Linux

References

Title

Publication Time

Tags

Bulletin de sécurité NVIDIA du 17 octobre 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Jetson TK1 (R21) pour L4T/Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Jetson TX1 (R24) pour L4T/Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Jetson TK1 and Jetson TX1 (R21 et R24) pour L4T/Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-6273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6273"
    },
    {
      "name": "CVE-2016-8400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8400"
    },
    {
      "name": "CVE-2016-8428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8428"
    },
    {
      "name": "CVE-2016-6916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6916"
    },
    {
      "name": "CVE-2017-0331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0331"
    },
    {
      "name": "CVE-2017-0332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0332"
    },
    {
      "name": "CVE-2016-2491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2491"
    },
    {
      "name": "CVE-2017-14491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
    },
    {
      "name": "CVE-2016-8449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8449"
    },
    {
      "name": "CVE-2017-0306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0306"
    },
    {
      "name": "CVE-2016-6917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6917"
    },
    {
      "name": "CVE-2016-6775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6775"
    },
    {
      "name": "CVE-2016-3847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3847"
    },
    {
      "name": "CVE-2017-14494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14494"
    },
    {
      "name": "CVE-2017-1000251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000251"
    },
    {
      "name": "CVE-2017-0327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0327"
    },
    {
      "name": "CVE-2016-8425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8425"
    },
    {
      "name": "CVE-2017-0429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0429"
    },
    {
      "name": "CVE-2016-6915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6915"
    },
    {
      "name": "CVE-2016-3873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3873"
    },
    {
      "name": "CVE-2017-14496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14496"
    },
    {
      "name": "CVE-2017-14493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14493"
    },
    {
      "name": "CVE-2016-8424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8424"
    },
    {
      "name": "CVE-2017-0325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0325"
    },
    {
      "name": "CVE-2017-0428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0428"
    },
    {
      "name": "CVE-2016-6776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6776"
    },
    {
      "name": "CVE-2016-6777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6777"
    },
    {
      "name": "CVE-2016-8426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8426"
    },
    {
      "name": "CVE-2016-0834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0834"
    },
    {
      "name": "CVE-2016-8395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8395"
    },
    {
      "name": "CVE-2017-0326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0326"
    },
    {
      "name": "CVE-2016-3793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3793"
    },
    {
      "name": "CVE-2016-8397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8397"
    },
    {
      "name": "CVE-2016-3814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3814"
    },
    {
      "name": "CVE-2016-8430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8430"
    },
    {
      "name": "CVE-2016-2434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2434"
    },
    {
      "name": "CVE-2017-0307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0307"
    },
    {
      "name": "CVE-2017-1000250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000250"
    },
    {
      "name": "CVE-2016-8482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8482"
    },
    {
      "name": "CVE-2016-3930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3930"
    },
    {
      "name": "CVE-2017-14492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14492"
    },
    {
      "name": "CVE-2016-8427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8427"
    },
    {
      "name": "CVE-2017-14495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14495"
    },
    {
      "name": "CVE-2016-3815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3815"
    },
    {
      "name": "CVE-2016-6789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6789"
    },
    {
      "name": "CVE-2016-8429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8429"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-362",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-10-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans NVIDIA Tegra Jetson\nL4T. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service,\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans NVIDIA Tegra Jetson L4T",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 NVIDIA du 17 octobre 2017",
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
    }
  ]
}

CNVD-2017-33795

Vulnerability from cnvd - Published: 2017-11-14

Title

NVIDIA ADSP Firmware ADSP Loader组件缓冲区溢出漏洞

Description

NVIDIA ADSP Firmware是美国英伟达（NVIDIA）公司的一套高级数字信号处理单元中使用的固件。ADSP Loader是其中的一个引导装载组件。 NVIDIA ADSP Firmware中的ADSP Loader组件存在缓冲区溢出漏洞。本地攻击者可利用该漏洞造成拒绝服务或提升权限（越边界写入）。

Severity

中

Patch Name

NVIDIA ADSP Firmware ADSP Loader组件缓冲区溢出漏洞的补丁

Patch Description

NVIDIA ADSP Firmware是美国英伟达（NVIDIA）公司的一套高级数字信号处理单元中使用的固件。ADSP Loader是其中的一个引导装载组件。 NVIDIA ADSP Firmware中的ADSP Loader组件存在缓冲区溢出漏洞。本地攻击者可利用该漏洞造成拒绝服务或提升权限（越边界写入）。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://nvidia.custhelp.com/app/answers/detail/a_id/4561

Reference

http://nvidia.custhelp.com/app/answers/detail/a_id/4561

Impacted products

Name
NVIDIA ADSP Firmware

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6273"
    }
  },
  "description": "NVIDIA ADSP Firmware\u662f\u7f8e\u56fd\u82f1\u4f1f\u8fbe\uff08NVIDIA\uff09\u516c\u53f8\u7684\u4e00\u5957\u9ad8\u7ea7\u6570\u5b57\u4fe1\u53f7\u5904\u7406\u5355\u5143\u4e2d\u4f7f\u7528\u7684\u56fa\u4ef6\u3002ADSP Loader\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5f15\u5bfc\u88c5\u8f7d\u7ec4\u4ef6\u3002\r\n\r\nNVIDIA ADSP Firmware\u4e2d\u7684ADSP Loader\u7ec4\u4ef6\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u6216\u63d0\u5347\u6743\u9650\uff08\u8d8a\u8fb9\u754c\u5199\u5165\uff09\u3002",
  "discovererName": "NVIDIA",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://nvidia.custhelp.com/app/answers/detail/a_id/4561",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-33795",
  "openTime": "2017-11-14",
  "patchDescription": "NVIDIA ADSP Firmware\u662f\u7f8e\u56fd\u82f1\u4f1f\u8fbe\uff08NVIDIA\uff09\u516c\u53f8\u7684\u4e00\u5957\u9ad8\u7ea7\u6570\u5b57\u4fe1\u53f7\u5904\u7406\u5355\u5143\u4e2d\u4f7f\u7528\u7684\u56fa\u4ef6\u3002ADSP Loader\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5f15\u5bfc\u88c5\u8f7d\u7ec4\u4ef6\u3002\r\n\r\nNVIDIA ADSP Firmware\u4e2d\u7684ADSP Loader\u7ec4\u4ef6\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u6216\u63d0\u5347\u6743\u9650\uff08\u8d8a\u8fb9\u754c\u5199\u5165\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NVIDIA ADSP Firmware ADSP Loader\u7ec4\u4ef6\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "NVIDIA ADSP Firmware"
  },
  "referenceLink": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
  "serverity": "\u4e2d",
  "submitTime": "2017-11-13",
  "title": "NVIDIA ADSP Firmware ADSP Loader\u7ec4\u4ef6\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

GHSA-C3FH-CG9W-M6PR

Vulnerability from github – Published: 2022-05-17 00:25 – Updated: 2022-05-17 00:25

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6273"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-17T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges.",
  "id": "GHSA-c3fh-cg9w-m6pr",
  "modified": "2022-05-17T00:25:39Z",
  "published": "2022-05-17T00:25:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6273"
    },
    {
      "type": "WEB",
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-6273

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-6273

Aliases

CVE-2017-6273

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6273",
    "description": "NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges.",
    "id": "GSD-2017-6273"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6273"
      ],
      "details": "NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges.",
      "id": "GSD-2017-6273",
      "modified": "2023-12-13T01:21:09.746911Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@nvidia.com",
        "DATE_PUBLIC": "2017-10-17T00:00:00",
        "ID": "CVE-2017-6273",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Jetson",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Jetson TX1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Nvidia Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Denial of Service, Escalation of Privileges"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
            "refsource": "CONFIRM",
            "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:nvidia:adsp_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:nvidia:tegra_jetson_l4t:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@nvidia.com",
          "ID": "CVE-2017-6273"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-11-08T15:26Z",
      "publishedDate": "2017-10-17T20:29Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-6273 (GCVE-0-2017-6273)

VAR-201710-1301

FKIE_CVE-2017-6273

CERTFR-2017-AVI-362

Solution

CERTFR-2017-AVI-362

Solution

CNVD-2017-33795

GHSA-C3FH-CG9W-M6PR

GSD-2017-6273

Tags

Sightings

Nomenclature