cvelistv5 - CVE-2017-6273

CVE-2017-6273 (GCVE-0-2017-6273)

Vulnerability from cvelistv5

Published

2017-10-17 20:00

Modified

2024-09-16 23:56

Severity ?

CWE

Denial of Service, Escalation of Privileges

Summary

References

URL

	Vendor	Product	Version
	Nvidia Corporation	Jetson	Version: Jetson TX1

ghsa-c3fh-cg9w-m6pr

Vulnerability from github

Published

2022-05-17 00:25

Modified

2022-05-17 00:25

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6273"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-17T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges.",
  "id": "GHSA-c3fh-cg9w-m6pr",
  "modified": "2022-05-17T00:25:39Z",
  "published": "2022-05-17T00:25:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6273"
    },
    {
      "type": "WEB",
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2017-6273

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-6273

Aliases

CVE-2017-6273

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6273",
    "description": "NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges.",
    "id": "GSD-2017-6273"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6273"
      ],
      "details": "NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges.",
      "id": "GSD-2017-6273",
      "modified": "2023-12-13T01:21:09.746911Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@nvidia.com",
        "DATE_PUBLIC": "2017-10-17T00:00:00",
        "ID": "CVE-2017-6273",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Jetson",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Jetson TX1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Nvidia Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Denial of Service, Escalation of Privileges"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
            "refsource": "CONFIRM",
            "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:nvidia:adsp_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:nvidia:tegra_jetson_l4t:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@nvidia.com",
          "ID": "CVE-2017-6273"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-11-08T15:26Z",
      "publishedDate": "2017-10-17T20:29Z"
    }
  }
}

De multiples vulnérabilités ont été découvertes dans NVIDIA Tegra Jetson L4T. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Jetson TK1 (R21) pour L4T/Linux
N/A	N/A	Jetson TX1 (R24) pour L4T/Linux
N/A	N/A	Jetson TK1 and Jetson TX1 (R21 et R24) pour L4T/Linux

References

Title

Publication Time

cnvd-2017-33795

Vulnerability from cnvd

Title

NVIDIA ADSP Firmware ADSP Loader组件缓冲区溢出漏洞

Description

NVIDIA ADSP Firmware是美国英伟达（NVIDIA）公司的一套高级数字信号处理单元中使用的固件。ADSP Loader是其中的一个引导装载组件。 NVIDIA ADSP Firmware中的ADSP Loader组件存在缓冲区溢出漏洞。本地攻击者可利用该漏洞造成拒绝服务或提升权限（越边界写入）。

Severity

中

Patch Name

NVIDIA ADSP Firmware ADSP Loader组件缓冲区溢出漏洞的补丁

Patch Description

NVIDIA ADSP Firmware是美国英伟达（NVIDIA）公司的一套高级数字信号处理单元中使用的固件。ADSP Loader是其中的一个引导装载组件。 NVIDIA ADSP Firmware中的ADSP Loader组件存在缓冲区溢出漏洞。本地攻击者可利用该漏洞造成拒绝服务或提升权限（越边界写入）。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://nvidia.custhelp.com/app/answers/detail/a_id/4561

Reference

http://nvidia.custhelp.com/app/answers/detail/a_id/4561

Impacted products

Name
NVIDIA ADSP Firmware

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6273"
    }
  },
  "description": "NVIDIA ADSP Firmware\u662f\u7f8e\u56fd\u82f1\u4f1f\u8fbe\uff08NVIDIA\uff09\u516c\u53f8\u7684\u4e00\u5957\u9ad8\u7ea7\u6570\u5b57\u4fe1\u53f7\u5904\u7406\u5355\u5143\u4e2d\u4f7f\u7528\u7684\u56fa\u4ef6\u3002ADSP Loader\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5f15\u5bfc\u88c5\u8f7d\u7ec4\u4ef6\u3002\r\n\r\nNVIDIA ADSP Firmware\u4e2d\u7684ADSP Loader\u7ec4\u4ef6\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u6216\u63d0\u5347\u6743\u9650\uff08\u8d8a\u8fb9\u754c\u5199\u5165\uff09\u3002",
  "discovererName": "NVIDIA",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://nvidia.custhelp.com/app/answers/detail/a_id/4561",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-33795",
  "openTime": "2017-11-14",
  "patchDescription": "NVIDIA ADSP Firmware\u662f\u7f8e\u56fd\u82f1\u4f1f\u8fbe\uff08NVIDIA\uff09\u516c\u53f8\u7684\u4e00\u5957\u9ad8\u7ea7\u6570\u5b57\u4fe1\u53f7\u5904\u7406\u5355\u5143\u4e2d\u4f7f\u7528\u7684\u56fa\u4ef6\u3002ADSP Loader\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5f15\u5bfc\u88c5\u8f7d\u7ec4\u4ef6\u3002\r\n\r\nNVIDIA ADSP Firmware\u4e2d\u7684ADSP Loader\u7ec4\u4ef6\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u6216\u63d0\u5347\u6743\u9650\uff08\u8d8a\u8fb9\u754c\u5199\u5165\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NVIDIA ADSP Firmware ADSP Loader\u7ec4\u4ef6\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "NVIDIA ADSP Firmware"
  },
  "referenceLink": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
  "serverity": "\u4e2d",
  "submitTime": "2017-11-13",
  "title": "NVIDIA ADSP Firmware ADSP Loader\u7ec4\u4ef6\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

var-201710-1301

Vulnerability from variot

NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges. NVIDIA ADSP The firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NVIDIA ADSP Firmware is a firmware used in a set of advanced digital signal processing units of NVIDIA Corporation. ADSP Loader is one of the bootloader components. A security vulnerability exists in the ADSP Loader component of the NVIDIA ADSP Firmware. A local attacker could exploit this vulnerability to cause a denial of service or to escalate privileges (write out of bounds)

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201710-1301",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "adsp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nvidia",
        "version": null
      },
      {
        "model": "adsp",
        "scope": null,
        "trust": 0.8,
        "vendor": "nvidia",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-586"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6273"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:nvidia:adsp_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      }
    ]
  },
  "cve": "CVE-2017-6273",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-6273",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-114476",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2017-6273",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-6273",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-6273",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201710-586",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114476",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-586"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6273"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges. NVIDIA ADSP The firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NVIDIA ADSP Firmware is a firmware used in a set of advanced digital signal processing units of NVIDIA Corporation. ADSP Loader is one of the bootloader components. A security vulnerability exists in the ADSP Loader component of the NVIDIA ADSP Firmware. A local attacker could exploit this vulnerability to cause a denial of service or to escalate privileges (write out of bounds)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6273"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114476"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6273",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009530",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-586",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-114476",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-586"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6273"
      }
    ]
  },
  "id": "VAR-201710-1301",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114476"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:42:02.619000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Bulletin: NVIDIA Tegra Jetson L4T contains multiple vulnerabilities; updates for \u201cBlueBorne\u201d and \u201cDnsmasq\u201d.(CVE-2017-6273)",
        "trust": 0.8,
        "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6273"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6273"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6273"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-586"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6273"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-114476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-586"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6273"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114476"
      },
      {
        "date": "2017-11-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      },
      {
        "date": "2017-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-586"
      },
      {
        "date": "2017-10-17T20:29:00.433000",
        "db": "NVD",
        "id": "CVE-2017-6273"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114476"
      },
      {
        "date": "2017-11-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      },
      {
        "date": "2017-11-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-586"
      },
      {
        "date": "2024-11-21T03:29:24.520000",
        "db": "NVD",
        "id": "CVE-2017-6273"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-586"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NVIDIA ADSP Firmware buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009530"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-586"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2017-6273

Vulnerability from fkie_nvd

Published

2017-10-17 20:29

Modified

2025-04-20 01:37

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@nvidia.com	http://nvidia.custhelp.com/app/answers/detail/a_id/4561	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://nvidia.custhelp.com/app/answers/detail/a_id/4561	Vendor Advisory

Impacted products

	Vendor	Product	Version
	nvidia	adsp_firmware	-
	nvidia	tegra_jetson_l4t	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:nvidia:adsp_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BB851B1-A2FE-4ECE-9574-C3D97F1A4256",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:nvidia:tegra_jetson_l4t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75F73AE3-1578-43D2-967F-2DCE8445BCF2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges."
    },
    {
      "lang": "es",
      "value": "NVIDIA ADSP Firmware contiene una vulnerabilidad en el componente ADSP Loader en la que es posible escribir en un espacio de la memoria que est\u00e1 fuera de los l\u00edmites esperados del b\u00fafer, lo que puede provocar una denegaci\u00f3n de servicio (DoS) o un escalado de privilegios."
    }
  ],
  "id": "CVE-2017-6273",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-17T20:29:00.433",
  "references": [
    {
      "source": "psirt@nvidia.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
    }
  ],
  "sourceIdentifier": "psirt@nvidia.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-6273 (GCVE-0-2017-6273)

Vulnerability from cvelistv5

ghsa-c3fh-cg9w-m6pr

Vulnerability from github

gsd-2017-6273

Vulnerability from gsd

CERTFR-2017-AVI-362

Vulnerability from certfr_avis

Solution

cnvd-2017-33795

Vulnerability from cnvd

var-201710-1301

Vulnerability from variot

fkie_cve-2017-6273

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature