Sign-up

ID

VAR-201711-0653


CVE

CVE-2017-0866


TITLE

NVIDIA Tegra X1 Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-010414

DESCRIPTION

An elevation of privilege vulnerability in the Direct rendering infrastructure of the NVIDIA Tegra X1 where an unchecked input from userspace is passed as a pointer to kfree. This could lead to kernel memory corruption and possible code execution. This issue is rated as moderate. Product: Pixel. Version: N/A. Android ID: A-38415808. References: N-CVE-2017-0866. NVIDIA Tegra X1 Contains vulnerabilities related to authorization, permissions, and access control. This vulnerability Android ID: A-38415808 and NVIDIA N-CVE-2017-0866 It is published asInformation is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GooglePixel is a smartphone device from Google Inc. in the United States. The NVIDIA TegraX1 is a processor chip used by NVIDIA. Directrenderinginfrastructur is one of the architectures for direct access to graphics hardware

Trust: 2.34

sources: NVD: CVE-2017-0866 // JVNDB: JVNDB-2017-010414 // CNVD: CNVD-2017-37819 // VULHUB: VHN-99685 // VULMON: CVE-2017-0866

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-37819

AFFECTED PRODUCTS

vendor:nvidiamodel:tegra x1scope:eqversion: -

Trust: 1.6

vendor:nvidiamodel:tegra x1scope: - version: -

Trust: 0.8

vendor:nvidiamodel:tegrascope:eqversion:x1

Trust: 0.6

sources: CNVD: CNVD-2017-37819 // JVNDB: JVNDB-2017-010414 // CNNVD: CNNVD-201711-638 // NVD: CVE-2017-0866

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-0866
value: HIGH

Trust: 1.0

NVD: CVE-2017-0866
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-37819
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-638
value: HIGH

Trust: 0.6

VULHUB: VHN-99685
value: HIGH

Trust: 0.1

VULMON: CVE-2017-0866
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-0866
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-37819
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-99685
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-0866
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-37819 // VULHUB: VHN-99685 // VULMON: CVE-2017-0866 // JVNDB: JVNDB-2017-010414 // CNNVD: CNNVD-201711-638 // NVD: CVE-2017-0866

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-99685 // JVNDB: JVNDB-2017-010414 // NVD: CVE-2017-0866

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201711-638

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201711-638

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010414

PATCH
title:Pixel/Nexus のセキュリティに関する公開情報 - 2017 年 11 月url:https://source.android.com/security/bulletin/pixel/2017-11-01#announcements
Trust: 0.8
title:Tegra X1 スーパーチップurl:http://www.nvidia.co.jp/object/tegra-x1-processor-jp.html
Trust: 0.8
title:Patch for GoogleNVIDIATegraX1Directrenderinginfrastructur privilege vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/111397
Trust: 0.6
title:Google NVIDIA Tegra X1 Direct rendering infrastructur Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76475
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-37819 // 
            
            
            
            JVNDB: JVNDB-2017-010414 // 
            
            
            
            CNNVD: CNNVD-201711-638

EXTERNAL IDS
db:NVDid:CVE-2017-0866
Trust: 3.2
db:JVNDBid:JVNDB-2017-010414
Trust: 0.8
db:CNNVDid:CNNVD-201711-638
Trust: 0.7
db:CNVDid:CNVD-2017-37819
Trust: 0.6
db:VULHUBid:VHN-99685
Trust: 0.1
db:VULMONid:CVE-2017-0866
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-37819 // 
            
            
            
            VULHUB: VHN-99685 // 
            
            
            
            VULMON: CVE-2017-0866 // 
            
            
            
            JVNDB: JVNDB-2017-010414 // 
            
            
            
            CNNVD: CNNVD-201711-638 // 
            
            
            
            NVD: CVE-2017-0866

REFERENCES
url:https://source.android.com/security/bulletin/pixel/2017-11-01#announcements
Trust: 2.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0866
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-0866
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-37819 // 
            
            
            
            VULHUB: VHN-99685 // 
            
            
            
            VULMON: CVE-2017-0866 // 
            
            
            
            JVNDB: JVNDB-2017-010414 // 
            
            
            
            CNNVD: CNNVD-201711-638 // 
            
            
            
            NVD: CVE-2017-0866

SOURCES
db:CNVDid:CNVD-2017-37819
db:VULHUBid:VHN-99685
db:VULMONid:CVE-2017-0866
db:JVNDBid:JVNDB-2017-010414
db:CNNVDid:CNNVD-201711-638
db:NVDid:CVE-2017-0866

LAST UPDATE DATE
2025-04-20T23:35:40.674000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-37819date:2017-12-21T00:00:00
db:VULHUBid:VHN-99685date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-0866date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-010414date:2017-12-13T00:00:00
db:CNNVDid:CNNVD-201711-638date:2019-10-23T00:00:00
db:NVDid:CVE-2017-0866date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-37819date:2017-12-21T00:00:00
db:VULHUBid:VHN-99685date:2017-11-16T00:00:00
db:VULMONid:CVE-2017-0866date:2017-11-16T00:00:00
db:JVNDBid:JVNDB-2017-010414date:2017-12-13T00:00:00
db:CNNVDid:CNNVD-201711-638date:2017-11-20T00:00:00
db:NVDid:CVE-2017-0866date:2017-11-16T22:29:00.207