The following sections summarize the vulnerabilities and list their CVSS risk assessments.
NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVMAP, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges.
CVSS Base Score: 7.8
CVSS Temporal Score: 7.0
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVHOST, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges.
CVSS Base Score: 7.8
CVSS Temporal Score: 7.0
CVSS Vector: CVSS:3.0 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA Tegra kernel driver contains a vulnerability in NVHOST, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges.
CVSS Base Score: 7.8
CVSS Temporal Score: 7.0
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVMAP, where there is the potential to read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges.
CVSS Base Score: 7.8
CVSS Temporal Score: 7.0
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVMAP, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges.
CVSS Base Score: 7.8
CVSS Temporal Score: 7.0
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVHOST, where a user-after-free may lead to denial of service or possible escalation of privilege.
CVSS Base Score: 7.8
CVSS Temporal Score: 7.0
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVMAP, where the offset and size can change between the check and then be used in a way that invalidates the results of the check, which may lead to a denial of service or possible escalation of privileges.
CVSS Base Score: 7.8
CVSS Temporal Score: 7.0
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA Tegra kernel driver contains a vulnerability in the NVIDIA Tegra library (libnvrm
), where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges.
CVSS Base Score 7.1
CVSS Temporal Score 6.4
CVSS Vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C
NVIDIA Tegra kernel driver contains a vulnerability in NVHOST, where an attacker has the ability to write an arbitrary value to an arbitrary location, which may lead to an escalation of privileges.
CVSS Base Score: 7.1
CVSS Temporal Score: 6.4
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N/E:P/RL:O/RC:C
NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVHOST, where referencing memory after it has been freed may lead to unauthorized information disclosure.
CVSS Base Score: 7.1
CVSS Temporal Score: 6.4
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVAVP, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges.
CVSS Base Score: 7.0
CVSS Temporal Score: 6.3
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVMAP, where uninitialized stack memory may be leaked to the user, leading to possible information disclosure.
CVSS Base Score: 5.5
CVSS Temporal Score: 5.0
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA Camera, where the buffer being overwritten is allocated on the stack, which may lead to a local permanent denial of service or possible escalation of privileges, which may require reflashing of the operating system to repair the device.
CVSS Base Score: 4.0
CVSS Temporal Score: 3.6
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
NVIDIA’s risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk of your specific configuration. NVIDIA doesn’t know of any exploits to these issues at this time.