VAR-201803-1351
Vulnerability from variot - Updated: 2023-12-18 14:05NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal driver where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges. NVIDIA Tegra The kernel contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NVIDIA Tegra (Tu Rui) Kernel is a Tegra (mobile super chip) package kernel of NVIDIA Corporation. CORE DVFS Thermal driver is one of the core dynamic voltage frequency adjustment drivers. A security vulnerability exists in the CORE DVFS Thermal driver in the NVIDIA Tegra kernel. An attacker could exploit this vulnerability to cause a denial of service or potentially escalate privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1351",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jetson tx1",
"scope": "lte",
"trust": 1.0,
"vendor": "nvidia",
"version": "28.1"
},
{
"model": "jetson tk1",
"scope": "lte",
"trust": 1.0,
"vendor": "nvidia",
"version": "21.6"
},
{
"model": "tegra k1",
"scope": "lte",
"trust": 1.0,
"vendor": "nvidia",
"version": "21.6"
},
{
"model": "jetson tx1",
"scope": "lte",
"trust": 1.0,
"vendor": "nvidia",
"version": "24.2.2"
},
{
"model": "jetson tk1",
"scope": null,
"trust": 0.8,
"vendor": "nvidia",
"version": null
},
{
"model": "jetson tx1",
"scope": null,
"trust": 0.8,
"vendor": "nvidia",
"version": null
},
{
"model": "tegra k1",
"scope": null,
"trust": 0.8,
"vendor": "nvidia",
"version": null
},
{
"model": "tegra k1",
"scope": "eq",
"trust": 0.6,
"vendor": "nvidia",
"version": "21.6"
},
{
"model": "jetson tk1",
"scope": "eq",
"trust": 0.6,
"vendor": "nvidia",
"version": "21.6"
},
{
"model": "jetson tx1",
"scope": "eq",
"trust": 0.6,
"vendor": "nvidia",
"version": "24.2.2"
},
{
"model": "jetson tx1",
"scope": "eq",
"trust": 0.6,
"vendor": "nvidia",
"version": "28.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013114"
},
{
"db": "NVD",
"id": "CVE-2017-6278"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-934"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nvidia:jetson_tx1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "24.2.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nvidia:jetson_tx1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "28.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nvidia:jetson_tk1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nvidia:jetson_tk1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nvidia:tegra_k1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nvidia:tegra_k1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6278"
}
]
},
"cve": "CVE-2017-6278",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-6278",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-114481",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-6278",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-6278",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-934",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-114481",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-6278",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114481"
},
{
"db": "VULMON",
"id": "CVE-2017-6278"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013114"
},
{
"db": "NVD",
"id": "CVE-2017-6278"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-934"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal driver where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges. NVIDIA Tegra The kernel contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NVIDIA Tegra (Tu Rui) Kernel is a Tegra (mobile super chip) package kernel of NVIDIA Corporation. CORE DVFS Thermal driver is one of the core dynamic voltage frequency adjustment drivers. A security vulnerability exists in the CORE DVFS Thermal driver in the NVIDIA Tegra kernel. An attacker could exploit this vulnerability to cause a denial of service or potentially escalate privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6278"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013114"
},
{
"db": "VULHUB",
"id": "VHN-114481"
},
{
"db": "VULMON",
"id": "CVE-2017-6278"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6278",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013114",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-934",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-114481",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-6278",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114481"
},
{
"db": "VULMON",
"id": "CVE-2017-6278"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013114"
},
{
"db": "NVD",
"id": "CVE-2017-6278"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-934"
}
]
},
"id": "VAR-201803-1351",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-114481"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:05:30.060000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Answer ID 4635",
"trust": 0.8,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4635"
},
{
"title": "NVIDIA Tegra kernel CORE DVFS Thermal Driver security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79427"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/nvidia-fixes-8-high-severity-flaws-allowing-dos-code-execution/143399/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-6278"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013114"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-934"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114481"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013114"
},
{
"db": "NVD",
"id": "CVE-2017-6278"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4635"
},
{
"trust": 1.8,
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6278"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6278"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/nvidia-fixes-8-high-severity-flaws-allowing-dos-code-execution/143399/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114481"
},
{
"db": "VULMON",
"id": "CVE-2017-6278"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013114"
},
{
"db": "NVD",
"id": "CVE-2017-6278"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-934"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-114481"
},
{
"db": "VULMON",
"id": "CVE-2017-6278"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013114"
},
{
"db": "NVD",
"id": "CVE-2017-6278"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-934"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-26T00:00:00",
"db": "VULHUB",
"id": "VHN-114481"
},
{
"date": "2018-03-26T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6278"
},
{
"date": "2018-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013114"
},
{
"date": "2018-03-26T16:29:00.287000",
"db": "NVD",
"id": "CVE-2017-6278"
},
{
"date": "2018-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-934"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-114481"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6278"
},
{
"date": "2018-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013114"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-6278"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-934"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-934"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NVIDIA Tegra Vulnerabilities related to authorization, authority, and access control in the kernel",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013114"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-934"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…