NVIDIA½¨¸´¶à¸ö·ì϶·çÏÕ¹«¸æ

°ä²¼¹¦·ò 2019-12-09

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2018-6267£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.4£¬¹Ù·½£º7.8

CVE±àºÅ£ºCVE-2018-6271£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.4£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2018-6240£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.2£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2018-6268£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.8£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-5700£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.6£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-5699£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.6£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾



·ì϶¸ÅÊö


NVIDIA°ä²¼ÁËÕë¶ÔJetson AGX Xavier£¬TK1£¬TX1£¬TX2ºÍNanoоƬµÄTegra LinuxÇý¶¯·¨Ê½°ü£¨L4T£©ÖеÄÁù¸ö¸ßΣ·ì϶µÄ°²È«¸üУ¬ÕâЩ·ì϶ÓÃÓÚ±¼ÌÚµÄMBUXÐÅÏ¢ÓéÀÖϵͳºÍ²©ÊÀ×Ô¶¯¼ÝÊ»ÍÆËã»úϵͳÖС£ÊÜÕâЩ·ì϶ӰÏìµÄоƬ»¹ÓÃÓÚHPºÍAcer Chromebook£¬Androidƽ°åµçÄÔ£¬Nintendo SwitchÊÓƵÓÎÏ·»úºÍMagic Leap OneÐé¹¹ÊÓÍøĤÏÔʾÆ÷¡£ÕâЩ°²È«·ì϶¿ÉÄÜʹӵÓзÖÆ缶±ðÓû§È¨Ï޵ı¾µØ¹¥»÷Õß¿ÉÄÜÖ´ÐÐËÁÒâ´úÂ룬ÌáÉýȨÏÞ£¬´¥·¢»Ø¾ø·þÎñ£¨DoS£©×´Ì¬£¬²¢Õë¶Ôδ´ò²¹¶¡Ð¾Æ¬µÄÉ豸ÌáÒéÐÅϢй¶¹¥»÷¡£·ì϶¸ÅÊöÈçÏ£º


CVE-2018-6267

AndroidÊÇÃÀ¹ú¹È¸è£¨Google£©ºÍÅ­°ÕÐݳÖÉ豸ͬÃË£¨¼ò³ÆOHA£©µÄÒ»Ì×ÒÔLinuxΪ»ù´¡µÄ¿ªÔ´²Ù×÷ϵͳ¡£NVIDIA libnvomxÊÇÆäÖеÄÒ»¸öÊÓƵ±àÂë¿â¡£


AndroidÖеÄNVIDIA libnvomx´æÔÚÊäÈëÑéÖ¤ÃýÎó·ì϶£¬¸Ã·ì϶ԴÓÚ·¨Ê½Ã»ÓÐÑéÖ¤»òÃýÎóµØÑéÖ¤ÁËÓû§µÄÊäÈë¡£Ô¶³Ì¹¥»÷Õß¿ÉÀûÓø÷ì϶Ôì³É»Ø¾ø·þÎñ»òÌáÉýȨÏÞ¡£


CVE-2018-6271

AndroidÖеÄNVIDIA libnvomx´æÔÚ»º³åÇøÃýÎó·ì϶£¬¸Ã·ì϶ԴÓÚ·¨Ê½Ã»ÓÐÕýÈ·µØÑéÖ¤¶î±íµÄÊý¾Ý¡£Ô¶³Ì¹¥»÷Õß¿ÉÀûÓø÷ì϶Ôì³É»Ø¾ø·þÎñ»òÌáÉýȨÏÞ¡£


CVE-2018-6240

AndroidÖеÄNVIDIA BootROM×é¼þ´æÔÚÌáȨ·ì϶¡£¹¥»÷Õß¿ÉÀûÓø÷ì϶ÌáÉýȨÏÞ¡£


CVE-2018-6268

Google AndroidÖеÄNVIDIA libnvomx×é¼þµÄlibnvmmlite_video.soÎļþ´æÔÚ¿ªÊͺó³ÁÓ÷ì϶¡£Ô¶³Ì¹¥»÷Õß¿ÉÀûÓø÷ì϶Ôì³É»Ø¾ø·þÎñ»ò¿ÉÄÜÌáÉýȨÏÞ¡£


CVE-2019-5700

NVIDIA Shield TV Experience 8.0.1°æ±¾ÖеÄNVIDIA TegraÈí¼þµÄ bootloader´æÔÚ°²È«·ì϶£¬¸Ã·ì϶ԴÓÚ·¨Ê½Ã»ÓÐÑéÖ¤Êèµ¼¾µÏñµÄ×ֶΡ£¹¥»÷Õß¿ÉÀûÓø÷ì϶ִÐдúÂ룬Ôì³É»Ø¾ø·þÎñ£¬ÌáÉýȨÏÞ¼°Ð¹Â¶ÐÅÏ¢¡£


CVE-2019-5699

NVIDIA Shield TV Experience 8.0.1֮ǰ°æ±¾ÖеÄNVIDIA Tegra bootloader´æÔÚ»º³åÇøÃýÎó·ì϶£¬¸Ã·ì϶ԴÓÚ·¨Ê½½øÐеÄÃýÎóµÄÌìǵ²é³­¡£¹¥»÷Õß¿ÉÀûÓø÷ì϶ÌáÉýȨÏÞ£¬Ð¹Â¶ÐÅÏ¢£¬Ö´ÐдúÂë»òÔì³É»Ø¾ø·þÎñ¡£


·ì϶ÑéÖ¤


ÔÝÎÞPOC/EXP¡£


½¨¸´½¨Òé


Ä¿Ç°³§ÉÌÒÑ°ä²¼Éý¼¶²¹¶¡ÒÔ½¨¸´·ì϶£¬²¹¶¡»ñÈ¡Á´½Ó£º

https://source.android.com/security/bulletin/2019-09-01

https://source.android.com/security/bulletin/2019-02-01

https://nvidia.custhelp.com/app/answers/detail/a_id/4875


²Î¿¼Á´½Ó


https://www.bleepingcomputer.com/news/security/nvidia-patches-severe-flaws-in-mercedes-infotainment-system-chips/