var-201803-1351
Vulnerability from variot
NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal driver where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges. NVIDIA Tegra The kernel contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NVIDIA Tegra (Tu Rui) Kernel is a Tegra (mobile super chip) package kernel of NVIDIA Corporation. CORE DVFS Thermal driver is one of the core dynamic voltage frequency adjustment drivers. A security vulnerability exists in the CORE DVFS Thermal driver in the NVIDIA Tegra kernel. An attacker could exploit this vulnerability to cause a denial of service or potentially escalate privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1351",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tegra k1",
"scope": "lte",
"trust": 1.0,
"vendor": "nvidia",
"version": "21.6"
},
{
"model": "jetson tx1",
"scope": "lte",
"trust": 1.0,
"vendor": "nvidia",
"version": "28.1"
},
{
"model": "jetson tx1",
"scope": "lte",
"trust": 1.0,
"vendor": "nvidia",
"version": "24.2.2"
},
{
"model": "jetson tk1",
"scope": "lte",
"trust": 1.0,
"vendor": "nvidia",
"version": "21.6"
},
{
"model": "jetson tk1",
"scope": null,
"trust": 0.8,
"vendor": "nvidia",
"version": null
},
{
"model": "jetson tx1",
"scope": null,
"trust": 0.8,
"vendor": "nvidia",
"version": null
},
{
"model": "tegra k1",
"scope": null,
"trust": 0.8,
"vendor": "nvidia",
"version": null
},
{
"model": "tegra k1",
"scope": "eq",
"trust": 0.6,
"vendor": "nvidia",
"version": "21.6"
},
{
"model": "jetson tk1",
"scope": "eq",
"trust": 0.6,
"vendor": "nvidia",
"version": "21.6"
},
{
"model": "jetson tx1",
"scope": "eq",
"trust": 0.6,
"vendor": "nvidia",
"version": "24.2.2"
},
{
"model": "jetson tx1",
"scope": "eq",
"trust": 0.6,
"vendor": "nvidia",
"version": "28.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013114"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-934"
},
{
"db": "NVD",
"id": "CVE-2017-6278"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:nvidia:jetson_tk1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:nvidia:jetson_tx1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:nvidia:tegra_k1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013114"
}
]
},
"cve": "CVE-2017-6278",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-6278",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-114481",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-6278",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6278",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-6278",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-934",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-114481",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-6278",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114481"
},
{
"db": "VULMON",
"id": "CVE-2017-6278"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013114"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-934"
},
{
"db": "NVD",
"id": "CVE-2017-6278"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal driver where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges. NVIDIA Tegra The kernel contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NVIDIA Tegra (Tu Rui) Kernel is a Tegra (mobile super chip) package kernel of NVIDIA Corporation. CORE DVFS Thermal driver is one of the core dynamic voltage frequency adjustment drivers. A security vulnerability exists in the CORE DVFS Thermal driver in the NVIDIA Tegra kernel. An attacker could exploit this vulnerability to cause a denial of service or potentially escalate privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6278"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013114"
},
{
"db": "VULHUB",
"id": "VHN-114481"
},
{
"db": "VULMON",
"id": "CVE-2017-6278"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6278",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013114",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-934",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-114481",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-6278",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114481"
},
{
"db": "VULMON",
"id": "CVE-2017-6278"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013114"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-934"
},
{
"db": "NVD",
"id": "CVE-2017-6278"
}
]
},
"id": "VAR-201803-1351",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-114481"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:41:57.619000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Answer ID 4635",
"trust": 0.8,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4635"
},
{
"title": "NVIDIA Tegra kernel CORE DVFS Thermal Driver security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79427"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/nvidia-fixes-8-high-severity-flaws-allowing-dos-code-execution/143399/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-6278"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013114"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-934"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114481"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013114"
},
{
"db": "NVD",
"id": "CVE-2017-6278"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4635"
},
{
"trust": 1.8,
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6278"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6278"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/nvidia-fixes-8-high-severity-flaws-allowing-dos-code-execution/143399/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114481"
},
{
"db": "VULMON",
"id": "CVE-2017-6278"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013114"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-934"
},
{
"db": "NVD",
"id": "CVE-2017-6278"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-114481"
},
{
"db": "VULMON",
"id": "CVE-2017-6278"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013114"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-934"
},
{
"db": "NVD",
"id": "CVE-2017-6278"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-26T00:00:00",
"db": "VULHUB",
"id": "VHN-114481"
},
{
"date": "2018-03-26T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6278"
},
{
"date": "2018-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013114"
},
{
"date": "2018-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-934"
},
{
"date": "2018-03-26T16:29:00.287000",
"db": "NVD",
"id": "CVE-2017-6278"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-114481"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6278"
},
{
"date": "2018-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013114"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-934"
},
{
"date": "2024-11-21T03:29:25.907000",
"db": "NVD",
"id": "CVE-2017-6278"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-934"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NVIDIA Tegra Vulnerabilities related to authorization, authority, and access control in the kernel",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013114"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-934"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.