Elevation of Privilege Vulnerability in NVIDIA GPU Driver for Android
CVE-2017-6264

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Android
Vendor: CVE Published:; 6 November 2017

What is CVE-2017-6264?

An elevation of privilege vulnerability has been identified in the NVIDIA GPU driver, specifically in the function gm20b_clk_throt_set_cdev_state. This vulnerability allows a local attacker to exploit an out of bound memory read, potentially executing arbitrary code in the kernel context. Attackers may leverage this to perform unauthorized actions within privileged processes on affected Android devices, posing significant risks to system integrity and security.

Affected Version(s)

Android

References

http://www.securityfocus.com/bid/101744

vdb-entryx_refsource_BID

https://source.android.com/security/bulletin/2017-11-01

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 6, 2017
Vulnerability Reserved
Feb 23, 2017

Nvidia

What is CVE-2017-6264?

Affected Version(s)

References

CVSS V3.1

Timeline