Vulnerabilities found in NVIDIA Tegra kernel drivers could allow a local attacker to escalate privileges or achieve arbitrary kernel code execution.
Exploit Scope and Risk:
Certain Linux kernel Tegra driver interfaces performed insufficient input validation, potentially resulting in writes to unintended kernel addresses. This could lead to a denial of service (e.g. kernel panic), escalation of privilege, or arbitrary code execution in the kernel.
The CVSS risk assessment, given below, is identical for all CVEs listed in this bulletin.
CVSS Base Score - 6.6
Exploitability sub-score - 2.7
Access Vector: Local
Access Complexity: Medium
Impact sub-score - 10.0
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete
CVSS temporal sub-score - 3.5
Exploitability: Proof of concept code
Remediation Level: Official Fix
Report Confidence: Confirmed
CVSS Environmental Score - [determined by user]
NVIDIA's risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. We recommend consulting a local security or IT professional to evaluate the risk of your specific configuration. NVIDIA doesn't know of any exploits for these issues at this time.
These vulnerabilities affect platforms running Linux on Tegra K1 and Tegra X1 processors.
Access to the affected device nodes may require elevated privileges, depending on system configuration, including Linux and SELinux permissions.
The vulnerabilities were reported to the Android security team at Google, who informed NVIDIA.
Discovery of CVE-2016-2434, CVE-2016-2435, CVE-2016-2436, CVE-2016-2445, and CVE-2016-2446 is credited to Jianqiang Zhao (@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2016-2437 is credited to Yuan-Tsung Lo, Lubo Zhang, Chiachih Wu (@chiachih_wu), and Xuxian Jiang of C0RE Team.
NVIDIA recommends that users upgrade to patched software. Refer to the table below for recommended software updates.
Scheduled Support Date
SHIELD Tablet X1
SHIELD Android TV
Linux for Tegra (L4T) Products
Customers may consider any of the following steps to help further mitigate against these vulnerabilities:
● Restrict access to kernel device nodes via system access control policies (DAC, MAC).
● On Android devices:
  ○ Don't install apps from unknown sources, and keep Verify Apps enabled.
  ○ Avoid unlocking the bootloader or rooting your device, as these actions may increase risk of device compromise.
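One way to check the DAC half of the first mitigation, as an added example that is not NVIDIA's code: the script lists character device nodes whose mode grants read or write to "other", so they can be reviewed and tightened. The bulletin does not name the affected nodes, so scanning all of /dev (or the directory given in the hypothetical NODE_DIR variable) is an assumption, and SELinux (MAC) policy has to be reviewed separately.

```shell
#!/bin/sh
# Added example: audit DAC permissions on kernel device nodes.
# Assumption: the affected Tegra nodes are not named in the bulletin, so this
# scans every character device under a directory (default /dev) for review.

# Return 0 if an octal mode string (e.g. 666) grants read or write to "other".
mode_grants_other_rw() {
    last=${1#"${1%?}"}          # last octal digit = permissions for "other"
    case "$last" in
        2|3|4|5|6|7) return 0 ;;  # read (4) and/or write (2) bit set
        *)           return 1 ;;  # 0 = none, 1 = execute only
    esac
}

# Print one REVIEW line per character device that any local user can open.
audit_nodes() {
    dir=${1:-/dev}
    find "$dir" -type c 2>/dev/null | while IFS= read -r node; do
        # %a = octal mode, %U = owner, %G = group (GNU coreutils / toybox stat)
        info=$(stat -c '%a %U %G' "$node" 2>/dev/null) || continue
        mode=${info%% *}
        if mode_grants_other_rw "$mode"; then
            printf 'REVIEW %s mode=%s owner:group=%s\n' "$node" "$mode" "${info#* }"
        fi
    done
}

# NODE_DIR is a hypothetical override for the directory to scan.
audit_nodes "${NODE_DIR:-/dev}"
```

Generic nodes such as /dev/null are world-accessible by design and will appear in the output; the lines to act on are driver-specific nodes that unprivileged users have no reason to open.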