Tegra Linux Kernel Driver Vulnerabilities

Answer ID 4208
Published 08/02/2016 10:42 AM
Updated 09/15/2016 10:10 AM

CVE-2016-2434
CVE-2016-2435
CVE-2016-2436
CVE-2016-2437
CVE-2016-2445
CVE-2016-2446
CVE-2016-2490
CVE-2016-2491

Vulnerability Description:

Vulnerabilities found in NVIDIA Tegra kernel drivers could allow a local attacker to escalate privileges or achieve arbitrary kernel code execution.

Exploit Scope and Risk:

Certain Linux kernel Tegra driver interfaces performed insufficient input validation, potentially resulting in writes to unintended kernel addresses. This could lead to a denial of service (e.g. kernel panic), escalation of privilege, or arbitrary code execution in the kernel.

The CVSS risk assessment, listed below, is identical for all CVEs in this bulletin.

CVSS Base Score - 6.6
    Exploitability sub-score - 2.7
        Access Vector: Local
        Access Complexity: Medium
        Authentication: Single
    Impact sub-score - 10.0
        Confidentiality Impact: Complete
        Integrity Impact: Complete
        Availability Impact: Complete

CVSS temporal sub-score - 3.5
    Exploitability: Proof of concept code
    Remediation Level: Official Fix
    Report Confidence: Confirmed

CVSS Environmental Score - [determined by user]

NVIDIA's risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. We recommend consulting a local security or IT professional to evaluate the risk of your specific configuration. NVIDIA doesn't know of any exploits for these issues at this time.

Vulnerable Configurations:

These vulnerabilities affect platforms running Linux on Tegra K1 and Tegra X1 processors.

Access to the affected device nodes may require elevated privileges, depending on system configuration, including Linux and SELinux permissions.

Vulnerability Discovery:

The vulnerabilities were reported to the Android security team at Google, who informed NVIDIA.

Discovery of CVE-2016-2434, CVE-2016-2435, CVE-2016-2436, CVE-2016-2445, and CVE-2016-2446 is credited to Jianqiang Zhao (@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2016-2437 is credited to Yuan-Tsung Lo, Lubo Zhang, Chiachih Wu (@chiachih_wu), and Xuxian Jiang of C0RE Team.

Fix:

NVIDIA recommends that users upgrade to patched software. Refer to the table below for recommended software updates.

Product                          Scheduled Support Date
SHIELD Tablet                    OTA 4.1 available May 10, 2016
SHIELD Tablet X1                 OTA 1.2 available April 13, 2016
SHIELD Android TV                OTA 3.1 available April 18, 2016
SHIELD Portable                  Not planned
TegraNote 7                      Not planned
Linux for Tegra (L4T) Products   Tegra X1 and Jetson TX1: R24.1 available May 11, 2016
                                 Tegra K1 and Jetson TK1: R21.5 available July, 2016

Mitigations:

Customers may consider any of the following steps to help further mitigate against these vulnerabilities:

Restrict access to kernel device nodes via system access control policies (DAC, MAC).

On Android devices:

Don't install apps from unknown sources, and keep Verify Apps enabled.

Avoid unlocking the bootloader or rooting your device, as these actions may increase risk of device compromise.
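
As an added example (not part of NVIDIA's bulletin), the shell function below supports the first mitigation above, restricting access to kernel device nodes, by flagging character device nodes whose DAC mode lets any local user open them. The bulletin does not name the affected nodes, so the /dev/example-* paths in the sample input are constructed placeholders.

```shell
#!/bin/sh
# Added example (not NVIDIA's code): flag character device nodes whose DAC
# mode lets "other" (any local user) open them.
# Input, one node per line: "<symbolic mode> <owner> <group> <path>", e.g.
#   stat -c '%A %U %G %n' /dev/* | flag_open_nodes    (GNU coreutils stat)

flag_open_nodes() {
    while read -r mode owner group path; do
        case "$mode" in
            c*) ;;            # character device: inspect it
            *)  continue ;;   # directories, symlinks, block devices: skip
        esac
        # Mode string layout: type, user rwx, group rwx, other rwx.
        # Characters 8-9 are other-read and other-write.
        other=$(printf '%s' "$mode" | cut -c8-9)
        case "$other" in
            --) ;;            # closed to other users
            *)  # Read-only access is reported too: a driver may accept
                # ioctl calls on a descriptor opened read-only.
                printf 'OPEN %s mode=%s owner=%s:%s\n' \
                    "$path" "$mode" "$owner" "$group" ;;
        esac
    done
    return 0
}

# Constructed sample input; the /dev/example-* names are placeholders.
sample_nodes() {
    cat <<'EOF'
crw-rw-rw- root root /dev/example-gpu-ctrl
crw-rw---- root video /dev/example-gpu0
crw------- root root /dev/example-dbg
drwxr-xr-x root root /dev/example-dir
crw-r--r-- root root /dev/example-ro
EOF
}

sample_nodes | flag_open_nodes
```

On a real system, nodes that are world-accessible by design (such as /dev/null) are listed as well and need to be reviewed against what the platform actually requires. The check covers DAC mode bits only; MAC policy such as SELinux is not evaluated.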
