NVIDIA Tegra OpenMax Driver Vulnerability in Android Devices
CVE-2018-6271

7.8HIGH

Key Information:

Vendor
Nvidia
Status
Android
Vendor
CVE Published:
4 February 2019

Summary

The NVIDIA Tegra OpenMax driver presents a vulnerability where the software improperly validates extra data sent with a buffer. This oversight can lead to potential denial of service or even privilege escalation attacks, compromising the integrity of affected Android devices. In particular, this issue involves the libnvomx component, which could allow an attacker to exploit the vulnerability to manipulate system functionality.

Affected Version(s)

Android

References

http://www.securityfocus.com/bid/106846
vdb-entryx_refsource_BID
https://source.android.com/security/bulletin/2019-02-01
x_refsource_CONFIRM
https://nvidia.custhelp.com/app/answers/detail/a_id/4787
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.