Nvidia has released fixes for eight high-severity vulnerabilities in its Linux for Tegra driver packages. The worst of these flaws could allow information disclosure, denial of service and code execution on impacted systems.
Overall, the chipmaker on Tuesday released patches for 13 flaws that impact the Nvidia Jetson TX1 and TX2, two low-power embedded computing boards which carry a Nvidia Tegra processor and are specifically designed for accelerating machine learning in systems. The Jetson TX1 and TX2 are used in robots, drones, smart cameras and portable medical devices. None of the impacted Nvidia chips patched are used in gaming systems or PCs.
A Nvidia spokesperson told Threatpost that the company is not aware of any exploits for the flaws at this time.
The most severe vulnerability (CVE‑2018‑6269) exists in Nvidia Tegra’s kernel drivers, which is code that allows the kernel to talk to the hardware devices that the SoC is in. The flaw has a CVSS score of 8.8, making it high severity.
Specifically, the vulnerability is in the way the kernel driver handles input and output control for user mode requests, which could allow an attacker to make a non-trusted pointer dereference, Nvidia said.
Pointer dereference is the process of getting a value that is stored in the memory location within the kernel driver. That means an attacker could supply a pointer for memory locations that the program is not expecting, and the program will then obtain a value from the untrusted source, convert the value to a pointer, and dereference that resulting pointer.
Once the pointer is dereferenced for a write operation, the attack might allow information disclosure, denial of service, escalation of privileges, or code execution. The attack vector is local, so an attacker would need to have local access to a machine.
Another flaw in the kernel of Tegra (CVE‑2017‑6278) could allow denial of service or escalation of privileges. This high-severity flaw exists in the CORE dynamic voltage and frequency scaling (DVFS) thermal driver of the kernel. This driver has “the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may led to a denial of service or escalation of privileges,” Nvidia said.
Three high-severity glitches exist in Nvidia’s Tegra OpenMax driver (CVE‑2018‑6267, CVE‑2018‑6271 and CVE‑2018‑6268), all of which could lead to denial of service or escalation of privileges. CVE‑2018‑6267 stems from the fact that missing user metadata checks in the driver may allow invalid metadata to pass as valid metadata; CVE‑2018‑6271 is a glitch in which input is invalid or erroneously validated and could affect the control flow or data flow of a program; and CVE‑2018‑6268 stems from the driver referencing memory after it has been freed.
These flaws were previously addressed by Google in its February Android security update and are now being fixed by Nvidia.
Other high-severity flaws include a denial of service flaw (CVE‑2019‑5673) in Nvidia’s Tegra kernel driver and a denial of service and escalation of privilege vulnerability (CVE‑2017‑033) in the Tegra kernel.
For all CVEs, all versions of Jetson TX1 and Jetson TX2 running Linux for Tegra (prior to R28.3) need to update to version R28.3, said Nvidia.
The patches come a week after Nvidia patched a high-severity vulnerability in its GeForce Experience software, which could lead to code execution or denial-of-service of products if exploited. Earlier in March, Google also issued patches for bugs in NVIDIA components used in Android handsets. Two information disclosure bugs, rated high severity, were also patched by NVIDIA.