Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-6242

Some NVIDIA Tegra mobile processors released prior to 2016 contain a buffer overflow vulnerability in BootROM Recovery Mode (RCM). An attacker with physical access to the device's USB and the ability to force the device to reboot into RCM could exploit the vulnerability to execute unverified code.

Published

2018-05-01T20:29:00.280

Last Modified

2024-11-21T04:10:22.050

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.8 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nvidia	tegra_bootrom_rcm	-	Yes
Hardware	nvidia	tegra_mobile_processor	-	No

References

http://nvidia.custhelp.com/app/answers/detail/a_id/4660 Vendor Advisory ([email protected])
http://nvidia.custhelp.com/app/answers/detail/a_id/4660 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)