Chip giants Intel and Nvidia have stomped out high-severity flaws in two popular products, both commonly used by gamers. Impacted are the Nvidia Shield TV and Intel NUC (short for Next Unit of Computing) mini-PC kit.
Nvidia Shield TV is a media streaming box (powered by Nvidia’s Tegra X1 system-on-chip) that runs on the Android operating system and can be used for gaming and media streaming. Intel’s NUC mini-PC kit offers processing, memory and storage capabilities for applications like gaming, digital signage and media centers.
The dual security advisories, released separately by each company on Tuesday, address a total of four high-severity flaws. That includes two glitches in the Nvidia Shield that could enable code execution, denial of service, escalation of privileges, and information disclosure, as well as two vulnerabilities in the Intel NUC that could allow escalation-of-privilege, denial-of-service or information disclosure.
Nvidia Shield TV
Nvidia Shield TV is plagued by two vulnerabilities that affect versions of the device prior to 8.0.1 that are running on Android Pie (the Android OS released in 2018). Both flaws rank 7.6 out of 10.0 on the CVSS scale, making them high-severity.
“This update addresses issues that may lead to information disclosure, denial of service, code execution, or escalation of privileges,” said Nvidia in a Tuesday release. “To protect your system, download and install this software update through Settings>About>System update.”
The first flaw (CVE‑2019‑5699) stems from the bootloader in the Nvidia Tegra SoC of Nvidia Shield TV. This is the piece of code that runs before an operating system starts to run, and loads the operating system when a computer turns on.
The issue is due to the software performing an incorrect bounds check. Bounds checking verifies that a value, such as an index or a length, is within the valid range before it is used to access a memory buffer, which is a region of memory. This flaw can lead to a buffer overflow, which occurs when more data is written to a buffer than it can hold. Attackers could leverage this flaw to launch escalation-of-privilege and code-execution attacks.
The other flaw (CVE‑2019‑5700) exists in how the bootloader interacts with the boot image, a type of disk image that provides critical files necessary to load the device.
The boot image typically contains a field that indicates a header version; the bootloader must check this header version field and parse the header accordingly. However, according to Nvidia, the bootloader in the vulnerable versions does not correctly validate the fields of the boot image. This glitch can lead to code execution, denial-of-service, escalation-of-privilege and information disclosure.
Nvidia did not release further details about what types of privileges attackers would need to launch an exploit for the flaws, or whether they would need to be local or remote. However, Nvidia recommends that Shield TV users update to version 8.0.1 as soon as possible.
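The header-version and bounds checks described above can be made concrete with the following added example, which is not Nvidia's bootloader code. It uses the field offsets of the public AOSP boot image header (versions 0 to 2); the function names, error codes and accepted page-size range are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Offsets from the public AOSP boot image header (v0-v2, packed, little-endian). */
enum { OFF_KERNEL_SIZE = 8, OFF_RAMDISK_SIZE = 16, OFF_SECOND_SIZE = 24,
       OFF_PAGE_SIZE = 36, OFF_HEADER_VERSION = 40, OFF_HEADER_SIZE = 1644 };
static const uint32_t HDR_SIZE[] = { 1632, 1648, 1660 };   /* v0, v1, v2 */
enum boot_err { BOOT_OK = 0, BOOT_TRUNCATED, BOOT_BAD_MAGIC, BOOT_BAD_VERSION,
                BOOT_BAD_HEADER_SIZE, BOOT_BAD_PAGE_SIZE, BOOT_BAD_SECTION };

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
/* Pages needed for `size` bytes; computed in 64 bits so the sum cannot wrap. */
static uint64_t pages(uint32_t size, uint32_t page) {
    return ((uint64_t)size + page - 1) / page;
}

/* Validate an untrusted boot image before any field is used as a length or offset. */
enum boot_err validate_boot_image(const uint8_t *img, size_t len) {
    if (len < HDR_SIZE[0]) return BOOT_TRUNCATED;          /* smallest legal header */
    if (memcmp(img, "ANDROID!", 8) != 0) return BOOT_BAD_MAGIC;
    uint32_t ver = le32(img + OFF_HEADER_VERSION);
    if (ver > 2) return BOOT_BAD_VERSION;                  /* refuse unknown layouts */
    if (len < HDR_SIZE[ver]) return BOOT_TRUNCATED;        /* v1/v2 fields must be present */
    if (ver >= 1 && le32(img + OFF_HEADER_SIZE) != HDR_SIZE[ver])
        return BOOT_BAD_HEADER_SIZE;
    uint32_t page = le32(img + OFF_PAGE_SIZE);
    /* Assumed policy for this example: power of two between 2048 and 16384. */
    if (page < 2048 || page > 16384 || (page & (page - 1)) != 0)
        return BOOT_BAD_PAGE_SIZE;
    /* Header page plus each page-aligned section must fit inside the image. */
    uint64_t need = 1 + pages(le32(img + OFF_KERNEL_SIZE), page)
                      + pages(le32(img + OFF_RAMDISK_SIZE), page)
                      + pages(le32(img + OFF_SECOND_SIZE), page);
    if (need * page > len) return BOOT_BAD_SECTION;
    return BOOT_OK;
}

/* Constructed sample: minimal v0 image, 2048-byte pages, 100-byte kernel. */
size_t make_sample(uint8_t *buf, size_t cap) {
    if (cap < 4096) return 0;
    memset(buf, 0, 4096);
    memcpy(buf, "ANDROID!", 8);
    buf[OFF_KERNEL_SIZE] = 100;        /* kernel_size = 100 */
    buf[OFF_PAGE_SIZE + 1] = 0x08;     /* page_size = 0x0800 = 2048 */
    return 4096;
}
```

The order of the checks matters: the version is validated before any version-specific field is read, and every size is checked against the actual image length before it is used.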
Intel NUC
“Potential security vulnerabilities in system firmware for Intel NUC may allow escalation-of-privilege, denial-of-service and/or information disclosure,” said Intel, in a Tuesday advisory. “Intel is releasing firmware updates to mitigate these potential vulnerabilities.”
Both vulnerabilities are 7.5 out of 10 on the CVSS scale, making them high-severity. To exploit either flaw, an attacker would need to be local, and already have existing permissions as a user of the NUC (meaning they need to be able to log into the NUC using user credentials).
One of the vulnerabilities (CVE-2019-14569) stems from pointer corruption in the system firmware for the NUC (a pointer is a programming language variable that stores, or points to, the memory address of another variable). This could allow an attacker to escalate privileges, carry out denial-of-service or perform information disclosure.
The other bug (CVE-2019-14570) comes from a memory-corruption issue in the system firmware of the Intel NUC, which could allow a privileged user to potentially enable escalation-of-privilege, denial-of-service or information disclosure.
Impacted products include the NUC 8 mainstream game kit and game mini computer, the Intel NUC Board DE3815TYBE (H26998-500 & later), NUC Kit DE3815TYKHE (H27002-500 & later), NUC Board DE3815TYBE, NUC Kit DE3815TYKHE and NUC Kit DN2820FYKH.
Security researcher Alexander Ermolov was credited with discovering the flaws.
Vulnerabilities continue to crop up in the NUC – in April, Intel patched a high-severity NUC vulnerability (CVE-2019-0163) that could enable escalation of privilege, denial of service, and information disclosure for impacted systems; while in June, Intel patched seven high-severity vulnerabilities in the system firmware of its Intel NUC.