cvelistv5 - cve-2017-6296

CVE-2017-6296 (GCVE-0-2017-6296)

Vulnerability from cvelistv5

Published

2018-03-06 16:00

Modified

2024-09-16 18:49

Severity ?

CWE

Denial of Service

Summary

NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate.

References

URL

	Vendor	Product	Version
	Nvidia Corporation	SHIELD TV	Version: NA

ghsa-56m8-vjv3-958w

Vulnerability from github

Published

2022-05-14 03:35

Modified

2022-05-14 03:35

Severity ?

7.0 (High) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6296"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-06T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate.",
  "id": "GHSA-56m8-vjv3-958w",
  "modified": "2022-05-14T03:35:25Z",
  "published": "2022-05-14T03:35:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6296"
    },
    {
      "type": "WEB",
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4631"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cnvd-2018-05982

Vulnerability from cnvd

Title

NVIDIA SHIELD TV TrustZone Software DRM应用程序权限提升漏洞

Description

NVIDIA SHIELD TV是美国英伟达（NVIDIA）公司的一款游戏主机设备。TrustZone Software是其中的一个系统范围的安全软件。DRM application是其中的一个数字版权管理应用程序。 NVIDIA SHIELD TV SE 6.2及之前版本中的TrustZone Software的DRM应用程序存在安全漏洞。攻击者可利用漏洞造成拒绝服务或可能提升权限。

Severity

中

Patch Name

NVIDIA SHIELD TV TrustZone Software DRM应用程序权限提升漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://nvidia.custhelp.com/app/answers/detail/a_id/4631

Reference

http://nvidia.custhelp.com/app/answers/detail/a_id/4631

Impacted products

Name
NVIDIA TrustZone Software

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6296"
    }
  },
  "description": "NVIDIA SHIELD TV\u662f\u7f8e\u56fd\u82f1\u4f1f\u8fbe\uff08NVIDIA\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u6e38\u620f\u4e3b\u673a\u8bbe\u5907\u3002TrustZone Software\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7cfb\u7edf\u8303\u56f4\u7684\u5b89\u5168\u8f6f\u4ef6\u3002DRM application\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6570\u5b57\u7248\u6743\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nNVIDIA SHIELD TV SE 6.2\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684TrustZone Software\u7684DRM\u5e94\u7528\u7a0b\u5e8f\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u6216\u53ef\u80fd\u63d0\u5347\u6743\u9650\u3002",
  "discovererName": "NVIDIA",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://nvidia.custhelp.com/app/answers/detail/a_id/4631",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-05982",
  "openTime": "2018-03-22",
  "patchDescription": "NVIDIA SHIELD TV\u662f\u7f8e\u56fd\u82f1\u4f1f\u8fbe\uff08NVIDIA\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u6e38\u620f\u4e3b\u673a\u8bbe\u5907\u3002TrustZone Software\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7cfb\u7edf\u8303\u56f4\u7684\u5b89\u5168\u8f6f\u4ef6\u3002DRM application\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6570\u5b57\u7248\u6743\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nNVIDIA SHIELD TV SE 6.2\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684TrustZone Software\u7684DRM\u5e94\u7528\u7a0b\u5e8f\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u6216\u53ef\u80fd\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NVIDIA SHIELD TV TrustZone Software DRM\u5e94\u7528\u7a0b\u5e8f\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "NVIDIA TrustZone Software"
  },
  "referenceLink": "http://nvidia.custhelp.com/app/answers/detail/a_id/4631",
  "serverity": "\u4e2d",
  "submitTime": "2018-03-08",
  "title": "NVIDIA SHIELD TV TrustZone Software DRM\u5e94\u7528\u7a0b\u5e8f\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate. NVIDIASHIELDTV is a game console device from NVIDIA. TrustZoneSoftware is one of the system-wide security software. DRMapplication is one of the digital rights management applications. There are security vulnerabilities in the DRM application of TrustZoneSoftware in NVIDIASHIELDTVSE6.2 and earlier. An attacker could exploit a vulnerability to cause a denial of service or might increase privileges

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1362",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "google",
        "version": null
      },
      {
        "model": "shield tv",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nvidia",
        "version": "6.2"
      },
      {
        "model": "android",
        "scope": null,
        "trust": 0.8,
        "vendor": "google",
        "version": null
      },
      {
        "model": "shield tv",
        "scope": null,
        "trust": 0.8,
        "vendor": "nvidia",
        "version": null
      },
      {
        "model": "trustzone software",
        "scope": null,
        "trust": 0.6,
        "vendor": "nvidia",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-05982"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012852"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6296"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:google:android",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:nvidia:shield_tv_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012852"
      }
    ]
  },
  "cve": "CVE-2017-6296",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2017-6296",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2018-05982",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "VHN-114499",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.0,
            "id": "CVE-2017-6296",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-6296",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-6296",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-05982",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201803-175",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114499",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-05982"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114499"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012852"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6296"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate. NVIDIASHIELDTV is a game console device from NVIDIA. TrustZoneSoftware is one of the system-wide security software. DRMapplication is one of the digital rights management applications. There are security vulnerabilities in the DRM application of TrustZoneSoftware in NVIDIASHIELDTVSE6.2 and earlier. An attacker could exploit a vulnerability to cause a denial of service or might increase privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6296"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012852"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-05982"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114499"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6296",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012852",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-05982",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-175",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-114499",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-05982"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114499"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012852"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6296"
      }
    ]
  },
  "id": "VAR-201803-1362",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-05982"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114499"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-05982"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:55:59.346000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "https://www.android.com/intl/ja_jp/phones/"
      },
      {
        "title": "Answer ID 4631",
        "trust": 0.8,
        "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4631"
      },
      {
        "title": "NVIDIASHIELDTVTrustZoneSoftwareDRM Application Privilege Escalation Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/122743"
      },
      {
        "title": "NVIDIA SHIELD TV TrustZone Software DRM Fixes for application security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78936"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-05982"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012852"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-175"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114499"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012852"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6296"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4631"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6296"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6296"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-05982"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114499"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012852"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6296"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-05982"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114499"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012852"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6296"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-05982"
      },
      {
        "date": "2018-03-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114499"
      },
      {
        "date": "2018-04-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-012852"
      },
      {
        "date": "2018-03-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-175"
      },
      {
        "date": "2018-03-06T16:29:00.480000",
        "db": "NVD",
        "id": "CVE-2017-6296"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-05982"
      },
      {
        "date": "2018-03-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114499"
      },
      {
        "date": "2018-04-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-012852"
      },
      {
        "date": "2018-03-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-175"
      },
      {
        "date": "2024-11-21T03:29:29.720000",
        "db": "NVD",
        "id": "CVE-2017-6296"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-175"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NVIDIA TrustZone Software Race condition vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012852"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "competitive condition",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-175"
      }
    ],
    "trust": 0.6
  }
}

gsd-2017-6296

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate.

Aliases

CVE-2017-6296

Aliases

CVE-2017-6296

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6296",
    "description": "NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate.",
    "id": "GSD-2017-6296"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6296"
      ],
      "details": "NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate.",
      "id": "GSD-2017-6296",
      "modified": "2023-12-13T01:21:09.860496Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@nvidia.com",
        "DATE_PUBLIC": "2018-02-26T00:00:00",
        "ID": "CVE-2017-6296",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SHIELD TV",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "NA"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Nvidia Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Denial of Service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4631",
            "refsource": "CONFIRM",
            "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4631"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:nvidia:shield_tv_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:nvidia:shield_tv:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@nvidia.com",
          "ID": "CVE-2017-6296"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-362"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4631",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4631"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-03-27T17:11Z",
      "publishedDate": "2018-03-06T16:29Z"
    }
  }
}

fkie_cve-2017-6296

Vulnerability from fkie_nvd

Published

2018-03-06 16:29

Modified

2024-11-21 03:29

Severity ?

7.0 (High) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate.

References

	URL	Tags
	psirt@nvidia.com	http://nvidia.custhelp.com/app/answers/detail/a_id/4631	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://nvidia.custhelp.com/app/answers/detail/a_id/4631	Vendor Advisory

Impacted products

Vendor	Product	Version
nvidia	shield_tv_firmware	*
nvidia	shield_tv	-
google	android	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:nvidia:shield_tv_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78C328C9-DEF4-47AE-91F2-8C8AA43B4E20",
              "versionEndIncluding": "6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:nvidia:shield_tv:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49F85C44-6B7E-4B7C-AC8D-9D5727DFA0B8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate."
    },
    {
      "lang": "es",
      "value": "NVIDIA TrustZone Software contiene un problema de TOCTOU en la aplicaci\u00f3n DRM, lo que podr\u00eda conducir a una denegaci\u00f3n de servicio (DoS) o a una escalada de privilegios. Este problema se ha clasificado como moderado,"
    }
  ],
  "id": "CVE-2017-6296",
  "lastModified": "2024-11-21T03:29:29.720",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-06T16:29:00.480",
  "references": [
    {
      "source": "psirt@nvidia.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4631"
    }
  ],
  "sourceIdentifier": "psirt@nvidia.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-6296 (GCVE-0-2017-6296)

Vulnerability from cvelistv5

ghsa-56m8-vjv3-958w

Vulnerability from github

cnvd-2018-05982

Vulnerability from cnvd

var-201803-1362

Vulnerability from variot

gsd-2017-6296

Vulnerability from gsd

fkie_cve-2017-6296

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature