So NVIDIA detailed two new exploits for the bootloader of the NVIDIA Shield TV:
CVE‑2019‑5699
NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution.
and
CVE‑2019‑5700
NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.
"The first flaw (CVE‑2019‑5699) stems from the bootloader in the Nvidia Tegra SoC of Nvidia Shield TV. This is the piece of code that runs before an operating systems starts to run, and loads the operating system when a computer turns on. The issue is due to the software performing an incorrect bounds check. Bounds checking is a method of detecting whether a variable is within “bounds” before it is used in the memory buffer, which is a region of a physical memory storage. This flaw can lead to a buffer overflow; when more data is sent to a memory block (buffer) than it can hold. Attackers could leverage this flaw to launch escalation-of-privilege and code-execution attacks.
The other flaw (CVE‑2019‑5700) exists in how the bootloader interacts with the boot image, a type of disk image that provides critical files necessary to load the device. The boot image typically contains a field that indicates a header version; the bootloader must check this header version field and parse the header accordingly. However, according to Nvidia, the bootloader in the vulnerable versions does not correctly validate the fields of the boot image. This glitch can lead to code execution, denial-of-service, escalation-of-privilege and information disclosure."
https://nvidia.custhelp.com/app/answers/detail/a_id/4875
Would these be applicable to the bootloader of the Switch?
CVE‑2019‑5699
NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution.
and
CVE‑2019‑5700
NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.
"The first flaw (CVE‑2019‑5699) stems from the bootloader in the Nvidia Tegra SoC of Nvidia Shield TV. This is the piece of code that runs before an operating systems starts to run, and loads the operating system when a computer turns on. The issue is due to the software performing an incorrect bounds check. Bounds checking is a method of detecting whether a variable is within “bounds” before it is used in the memory buffer, which is a region of a physical memory storage. This flaw can lead to a buffer overflow; when more data is sent to a memory block (buffer) than it can hold. Attackers could leverage this flaw to launch escalation-of-privilege and code-execution attacks.
The other flaw (CVE‑2019‑5700) exists in how the bootloader interacts with the boot image, a type of disk image that provides critical files necessary to load the device. The boot image typically contains a field that indicates a header version; the bootloader must check this header version field and parse the header accordingly. However, according to Nvidia, the bootloader in the vulnerable versions does not correctly validate the fields of the boot image. This glitch can lead to code execution, denial-of-service, escalation-of-privilege and information disclosure."
https://nvidia.custhelp.com/app/answers/detail/a_id/4875
Would these be applicable to the bootloader of the Switch?
Last edited by mattyxarope,
