Nvidia Shield Experience vulnerabilities

CVE-2021-34401 [HIGH] CWE-284 CVE-2021-34401: NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVGPU_IOCTL_CHANNEL_SET_ERROR_NOT NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVGPU_IOCTL_CHANNEL_SET_ERROR_NOTIFIER, where improper access control may lead to code execution, compromised integrity, or denial of service.

CVE-2021-34404 [HIGH] CVE-2021-34404: Android images for T210 provided by NVIDIA contain a vulnerability in BROM, where failure to limit a Android images for T210 provided by NVIDIA contain a vulnerability in BROM, where failure to limit access to AHB-DMA when BROM fails may allow an unprivileged attacker with physical access to cause denial of service or impact integrity and confidentiality beyond the security scope of BROM.

CVE-2021-34403 [HIGH] CWE-416 CVE-2021-34403: NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, which allows any user with a loca NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, which allows any user with a local account to exploit a use-after-free condition, leading to code privilege escalation, loss of confidentiality and integrity, or denial of service.

CVE-2021-34406 [MEDIUM] CWE-476 CVE-2021-34406: NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a specific race condition can l NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a specific race condition can lead to a null pointer dereference, which may lead to a system reboot.

CVE-2021-34402 [MEDIUM] CWE-284 CVE-2021-34402: NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileg NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileges might be able to read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service, Information disclosure, loss of Integrity, or possible escalation of privileges.

CVE-2021-34405 [MEDIUM] CWE-252 CVE-2021-34405: NVIDIA Linux distributions contain a vulnerability in TrustZone’s TEE_Malloc function, where an unch NVIDIA Linux distributions contain a vulnerability in TrustZone’s TEE_Malloc function, where an unchecked return value causing a null pointer dereference may lead to denial of service.

CVE-2021-1108 [HIGH] CWE-191 CVE-2021-1108: NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer un NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system.

CVE-2021-1106 [HIGH] CWE-787 CVE-2021-1106: NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to r NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on the system.

CVE-2021-1107 [HIGH] CVE-2021-1107: NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where imp NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components.

CVE-2021-1068 [HIGH] CWE-125 CVE-2021-1068: NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVDEC component, in w NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVDEC component, in which an attacker can read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or escalation of privileges.

CVE-2021-1067 [MEDIUM] CVE-2021-1067: NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the implementation of the NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration Block, which may lead to denial of service or escalation of privileges.

CVE-2021-1069 [MEDIUM] CWE-476 CVE-2021-1069: NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVHost function, whic NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVHost function, which may lead to abnormal reboot due to a null pointer reference, causing data loss.

CVE-2019-5699 [HIGH] CWE-119 CVE-2019-5699: NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privilege

CVE-2019-5700 [HIGH] CWE-20 CVE-2019-5700: NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the b NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.

CVE-2019-5681 [HIGH] CVE-2019-5681: NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution, denial of service, or information disclosure.

CVE-2019-5679 [HIGH] CWE-287 CVE-2019-5679: NVIDIA Shield TV Experience prior to v8.0, NVIDIA Tegra bootloader contains a vulnerability in nvtbo NVIDIA Shield TV Experience prior to v8.0, NVIDIA Tegra bootloader contains a vulnerability in nvtboot where the Trusted OS image is improperly authenticated, which may lead to code execution, denial of service, escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges

CVE-2019-5682 [HIGH] CVE-2019-5682: NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the NVIDIA Games App where it NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the NVIDIA Games App where it improperly exports an Activity but does not properly restrict which applications can launch the Activity, which may lead to code execution or denial of service.