by Danny Bradbury
Nvidia has released 13 patches targeting two low-end embedded computing boards. The processor company explained in a security advisory this week that the flaws could lead to code execution, denial of service, escalation of privileges, or information disclosure.
These security bugs won’t turn up in your gaming PC, but they could cause problems for your drone or smart internet facial recognition security camera. They affect the Nvidia Jetson TX1 and TX2 boards, each of which carries an Nvidia Tegra processor. Released in November 2015, the TX1 is a module the size of a pack of cigarettes designed to be integrated into IoT products. The TX2 is a higher-powered successor.
Described by Nvidia as a “supercomputer on a module”, these boards are designed for AI-powered applications like embedded deep learning and computer vision. These are the kinds of modules that put the ‘edge’ in edge computing. They’re supposed to be used in robots, 3D scanners and the like.
Vulnerability CVE‑2018‑6269 gets the highest base score (a CVSS score representing severity) in the security advisory. It is a flaw in the Tegra kernel driver’s input/output control handling for user mode requests. This is the only bug in the pack that could lead to potential code execution, according to the advisory.
This bug is also one of many that can lead to privilege escalation or denial of service. The next three highest-scoring bugs carry these risks.
CVE‑2017‑6278 is a bug in the kernel’s thermal driver that could allow an attacker to read or write after the end of a buffer. CVE‑2018‑6267 is a bug in the driver for OpenMax, which is a set of C-language programming interfaces for multimedia processing. It fails to validate metadata, which could allow an attacker to deny service or escalate their privileges …
Author: Danny Bradbury