CVE-2017-6273

NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges.

CVSS v3 7.8 HIGH
CVSS v2.0 4.6 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://nvidia.custhelp.com/app/answers/detail/a_id/4561	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nvidia:adsp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nvidia:tegra_jetson_l4t:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-10-17 20:29

Updated : 2024-02-28 16:04

NVD link : CVE-2017-6273

Mitre link : CVE-2017-6273

CVE.ORG link : CVE-2017-6273

JSON object : View

Products Affected

nvidia

tegra_jetson_l4t
adsp_firmware

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2017-6273", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2017-10-17T20:29:00.433", "references": [{"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges."}, {"lang": "es", "value": "NVIDIA ADSP Firmware contiene una vulnerabilidad en el componente ADSP Loader en la que es posible escribir en un espacio de la memoria que est\u00e1 fuera de los l\u00edmites esperados del b\u00fafer, lo que puede provocar una denegaci\u00f3n de servicio (DoS) o un escalado de privilegios."}], "lastModified": "2017-11-08T15:26:46.343", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:adsp_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BB851B1-A2FE-4ECE-9574-C3D97F1A4256"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nvidia:tegra_jetson_l4t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "75F73AE3-1578-43D2-967F-2DCE8445BCF2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}