Sign-up

ID

VAR-201803-1351


CVE

CVE-2017-6278


TITLE

NVIDIA Tegra Vulnerabilities related to authorization, authority, and access control in the kernel

Trust: 0.8

sources: JVNDB: JVNDB-2017-013114

DESCRIPTION

NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal driver where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges. NVIDIA Tegra The kernel contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NVIDIA Tegra (Tu Rui) Kernel is a Tegra (mobile super chip) package kernel of NVIDIA Corporation. CORE DVFS Thermal driver is one of the core dynamic voltage frequency adjustment drivers. A security vulnerability exists in the CORE DVFS Thermal driver in the NVIDIA Tegra kernel. An attacker could exploit this vulnerability to cause a denial of service or potentially escalate privileges

Trust: 1.8

sources: NVD: CVE-2017-6278 // JVNDB: JVNDB-2017-013114 // VULHUB: VHN-114481 // VULMON: CVE-2017-6278

AFFECTED PRODUCTS

vendor:nvidiamodel:tegra k1scope:lteversion:21.6

Trust: 1.0

vendor:nvidiamodel:jetson tx1scope:lteversion:28.1

Trust: 1.0

vendor:nvidiamodel:jetson tx1scope:lteversion:24.2.2

Trust: 1.0

vendor:nvidiamodel:jetson tk1scope:lteversion:21.6

Trust: 1.0

vendor:nvidiamodel:jetson tk1scope: - version: -

Trust: 0.8

vendor:nvidiamodel:jetson tx1scope: - version: -

Trust: 0.8

vendor:nvidiamodel:tegra k1scope: - version: -

Trust: 0.8

vendor:nvidiamodel:tegra k1scope:eqversion:21.6

Trust: 0.6

vendor:nvidiamodel:jetson tk1scope:eqversion:21.6

Trust: 0.6

vendor:nvidiamodel:jetson tx1scope:eqversion:24.2.2

Trust: 0.6

vendor:nvidiamodel:jetson tx1scope:eqversion:28.1

Trust: 0.6

sources: JVNDB: JVNDB-2017-013114 // CNNVD: CNNVD-201803-934 // NVD: CVE-2017-6278

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6278
value: HIGH

Trust: 1.0

NVD: CVE-2017-6278
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201803-934
value: HIGH

Trust: 0.6

VULHUB: VHN-114481
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-6278
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6278
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-114481
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6278
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114481 // VULMON: CVE-2017-6278 // JVNDB: JVNDB-2017-013114 // CNNVD: CNNVD-201803-934 // NVD: CVE-2017-6278

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-114481 // JVNDB: JVNDB-2017-013114 // NVD: CVE-2017-6278

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201803-934

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201803-934

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013114

PATCH
title:Answer ID 4635url:http://nvidia.custhelp.com/app/answers/detail/a_id/4635
Trust: 0.8
title:NVIDIA Tegra kernel CORE DVFS Thermal Driver security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79427
Trust: 0.6
title:Threatposturl:https://threatpost.com/nvidia-fixes-8-high-severity-flaws-allowing-dos-code-execution/143399/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-6278 // 
            
            
            
            JVNDB: JVNDB-2017-013114 // 
            
            
            
            CNNVD: CNNVD-201803-934

EXTERNAL IDS
db:NVDid:CVE-2017-6278
Trust: 2.6
db:JVNDBid:JVNDB-2017-013114
Trust: 0.8
db:CNNVDid:CNNVD-201803-934
Trust: 0.6
db:VULHUBid:VHN-114481
Trust: 0.1
db:VULMONid:CVE-2017-6278
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114481 // 
            
            
            
            VULMON: CVE-2017-6278 // 
            
            
            
            JVNDB: JVNDB-2017-013114 // 
            
            
            
            CNNVD: CNNVD-201803-934 // 
            
            
            
            NVD: CVE-2017-6278

REFERENCES
url:http://nvidia.custhelp.com/app/answers/detail/a_id/4635
Trust: 1.8
url:https://nvidia.custhelp.com/app/answers/detail/a_id/4787
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6278
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6278
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/nvidia-fixes-8-high-severity-flaws-allowing-dos-code-execution/143399/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114481 // 
            
            
            
            VULMON: CVE-2017-6278 // 
            
            
            
            JVNDB: JVNDB-2017-013114 // 
            
            
            
            CNNVD: CNNVD-201803-934 // 
            
            
            
            NVD: CVE-2017-6278

SOURCES
db:VULHUBid:VHN-114481
db:VULMONid:CVE-2017-6278
db:JVNDBid:JVNDB-2017-013114
db:CNNVDid:CNNVD-201803-934
db:NVDid:CVE-2017-6278

LAST UPDATE DATE
2024-11-23T22:41:57.619000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114481date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-6278date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-013114date:2018-05-28T00:00:00
db:CNNVDid:CNNVD-201803-934date:2019-10-08T00:00:00
db:NVDid:CVE-2017-6278date:2024-11-21T03:29:25.907

SOURCES RELEASE DATE
db:VULHUBid:VHN-114481date:2018-03-26T00:00:00
db:VULMONid:CVE-2017-6278date:2018-03-26T00:00:00
db:JVNDBid:JVNDB-2017-013114date:2018-05-28T00:00:00
db:CNNVDid:CNNVD-201803-934date:2018-03-27T00:00:00
db:NVDid:CVE-2017-6278date:2018-03-26T16:29:00.287