CVE-2018-6269 - OpenCVE

NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information disclosure, denial of service, escalation of privileges, or code execution. The updates apply to all versions prior to R28.3.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nvidia	Jetson Tx2

Configuration 1 [-]

cpe:2.3:a:nvidia:jetson_tx2:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://nvidia.custhelp.com/app/answers/detail/a_id/4787
https://nvidia.custhelp.com/app/answers/detail/a_id/4804

History

No history.

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2019-04-12T16:25:45

Updated: 2024-08-05T06:01:48.548Z

Reserved: 2018-01-25T00:00:00

Link: CVE-2018-6269

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-04-12T17:29:00.413

Modified: 2019-10-03T00:03:26.223

Link: CVE-2018-6269

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Jetson Tegra TX2", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "R28.3"}]}], "datePublic": "2019-04-02T00:00:00", "descriptions": [{"lang": "en", "value": "NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information disclosure, denial of service, escalation of privileges, or code execution. The updates apply to all versions prior to R28.3."}], "problemTypes": [{"descriptions": [{"description": "Code execution, denial of service, escalation of privileges, information disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-02T21:06:06", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2018-6269", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jetson Tegra TX2", "version": {"version_data": [{"version_value": "R28.3"}]}}]}, "vendor_name": "NVIDIA"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information disclosure, denial of service, escalation of privileges, or code execution. The updates apply to all versions prior to R28.3."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Code execution, denial of service, escalation of privileges, information disclosure"}]}]}, "references": {"reference_data": [{"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"}, {"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:01:48.548Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804"}]}]}, "cveMetadata": {"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2018-6269", "datePublished": "2019-04-12T16:25:45", "dateReserved": "2018-01-25T00:00:00", "dateUpdated": "2024-08-05T06:01:48.548Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:jetson_tx2:*:*:*:*:*:*:*:*", "matchCriteriaId": "1455BBEB-871A-41FE-A4BD-6DC583777252", "versionEndExcluding": "r28.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information disclosure, denial of service, escalation of privileges, or code execution. The updates apply to all versions prior to R28.3."}, {"lang": "es", "value": "NVIDIA Jetson versi\u00f3n TX2 contiene una vulnerabilidad en el controlador del kernel donde el manejo del control de entrada y salida (IOCTL) para las peticiones de modo de usuario podr\u00eda crear una falta de confianza en la eliminaci\u00f3n del puntero, lo que podr\u00eda conllevar a la revelaci\u00f3n de informaci\u00f3n, denegaci\u00f3n de servicio, escalado de privilegios o ejecuci\u00f3n de c\u00f3digo . Las actualizaciones se aplican a todas las versiones anteriores a R28.3."}], "id": "CVE-2018-6269", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-12T17:29:00.413", "references": [{"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"}, {"source": "psirt@nvidia.com", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}