Hacking Nvidia Shield TV Hit With High-Severity Security Flaws - Possible New Entry Points?

mattyxarope

Well-Known Member
OP
Member
Joined
Jan 15, 2019
Messages
544
Trophies
0
XP
1,995
Country
United States
So NVIDIA detailed two new exploits for the bootloader of the NVIDIA Shield TV:

CVE‑2019‑5699
NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution.

and

CVE‑2019‑5700
NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.

"The first flaw (CVE‑2019‑5699) stems from the bootloader in the Nvidia Tegra SoC of Nvidia Shield TV. This is the piece of code that runs before an operating systems starts to run, and loads the operating system when a computer turns on. The issue is due to the software performing an incorrect bounds check. Bounds checking is a method of detecting whether a variable is within “bounds” before it is used in the memory buffer, which is a region of a physical memory storage. This flaw can lead to a buffer overflow; when more data is sent to a memory block (buffer) than it can hold. Attackers could leverage this flaw to launch escalation-of-privilege and code-execution attacks.

The other flaw (CVE‑2019‑5700) exists in how the bootloader interacts with the boot image, a type of disk image that provides critical files necessary to load the device. The boot image typically contains a field that indicates a header version; the bootloader must check this header version field and parse the header accordingly. However, according to Nvidia, the bootloader in the vulnerable versions does not correctly validate the fields of the boot image. This glitch can lead to code execution, denial-of-service, escalation-of-privilege and information disclosure."

https://nvidia.custhelp.com/app/answers/detail/a_id/4875

Would these be applicable to the bootloader of the Switch?
 
Last edited by mattyxarope,

linuxares

The inadequate, autocratic beast!
Global Moderator
Joined
Aug 5, 2007
Messages
12,987
Trophies
2
XP
17,501
Country
Sweden
Yeah the first exploit if it's possible on the Switches is definitely a coldboot possibility, if it's the same on the Switch, CVE‑2019‑5700 however sounds like the RCM bug no?

EDIT: What I get it seems that they are both software patchable. So we should not update if Nintendo magically release a new firmware update the next couple of weeks if these are exploitable.
 
Last edited by linuxares,

Ericthegreat

Not New Member
Member
Joined
Nov 8, 2008
Messages
3,451
Trophies
2
Location
Vana'diel
XP
4,212
Country
United States
I didn't think about this when I read about the security issue, interesting, if someone doesn't say somthing soon, Nintendo will patch it, and everyone will update.
 

linuxares

The inadequate, autocratic beast!
Global Moderator
Joined
Aug 5, 2007
Messages
12,987
Trophies
2
XP
17,501
Country
Sweden
If people are curious (like I was) this doesn't seem to be the previously found selfblow exploit, as that one has a similar but different CVE
selfblow? I haven't heard about that one before either. Since it's software patchable it sounds like it's something with the Android system no?
 

kevin corms

Well-Known Member
Member
Joined
Feb 21, 2015
Messages
1,008
Trophies
0
Age
40
XP
1,760
Country
Canada
Well on the other hand, the fact that it runs android means it isnt very secure in the first place. Its a great device for what it is, but I wouldnt trust my bank info or anything on it.
 
Last edited by kevin corms,
  • Like
Reactions: andyhappypants

linuxares

The inadequate, autocratic beast!
Global Moderator
Joined
Aug 5, 2007
Messages
12,987
Trophies
2
XP
17,501
Country
Sweden
Well on the other hand, the fact that it runs android means it isnt very secure in the first place. Its a great device for what it is, but I wouldnt trust my bank info or anything on it.
No real electronic is "secure". It's just safe until someone really wanna get in.
 

kevin corms

Well-Known Member
Member
Joined
Feb 21, 2015
Messages
1,008
Trophies
0
Age
40
XP
1,760
Country
Canada
No real electronic is "secure". It's just safe until someone really wanna get in.
There are variable levels of security, but yes nothing is perfect. I dont get this argument that seems to come straight from google, people are basically saying since any security can be theoretically defeated that security is just a waste of time? That kind of logic just doesnt fly with me, sorry.
 
Last edited by kevin corms,

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • BakerMan @ BakerMan:
    how do you roll a die?
  • BigOnYa @ BigOnYa:
    with your hands, duh. Well uremum has a party trick that she uses something else
  • BakerMan @ BakerMan:
    in chat i mean
  • BakerMan @ BakerMan:
    and what if i don't have any hands? (i mean, i do (duh), but what if i didn't?)
  • K3Nv2 @ K3Nv2:
    Uremum is in the chat and she told me you're grounded
    +1
  • BakerMan @ BakerMan:
    cap
  • Xdqwerty @ Xdqwerty:
    Uremum's mum grounded her
  • K3Nv2 @ K3Nv2:
    This is Bakermans mum you're grounded no internet
    +1
  • BigOnYa @ BigOnYa:
    He must be listening, no response
  • K3Nv2 @ K3Nv2:
    Well he shouldn't have used chatgpt to do his homework
    +1
  • Xdqwerty @ Xdqwerty:
    Wut
  • HiradeGirl @ HiradeGirl:
    I got crabs
  • Xdqwerty @ Xdqwerty:
    The crustacean or the disease?
  • K3Nv2 @ K3Nv2:
    Well we warned you about Juan
    +4
  • wolffangalchemist @ wolffangalchemist:
    I personally love seafood.
  • Xdqwerty @ Xdqwerty:
    Good night
  • BakerMan @ BakerMan:
    i personally dislike seafood
  • BakerMan @ BakerMan:
    except tuna salad, a tuna melt fucking slaps dude
  • N @ neww1:
    tôi muốn mua chip thì nên vào đâu vậy
  • N @ neww1:
    I want to buy chips, where can I buy them?Tì
  • SylverReZ @ SylverReZ:
    This is an English speaking forum.
  • SylverReZ @ SylverReZ:
    @neww1, AliExpress
    +1
  • N @ neww1:
    vietnam
    N @ neww1: vietnam