Processors

Nvidia patched the Selfblow exploit for all Tegra GPUs


Nvidia released a security update for the Jetson TX1 with the Tegra Linux (L4T) driver package on July 18. The associated security bulletin offered very little detail about what Nvidia fixed, but on GitHub, a researcher named Triszka Balázs revealed that the company was patching a bug that allowed malicious code to run on "every single Tegra device released so far" through what he called the Selfblow exploit.

Selfblow exploit affected Tegra GPUs, but not Nintendo Switch

The flaw was due to a problem with the Tegra bootloader. Balázs explained that "nvtboot (NVC) loads nvtboot-cpu (TBC) without first validating the load address, leading to arbitrary write to memory", meaning that the Selfblow exploit "completely defeats secure boot even with the latest firmware." This would not affect the Nintendo Switch, which also has a Tegra GPU, because its secure boot section is different.
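The class of check Balázs describes as missing, shown as an added example (not NVIDIA's code and not taken from the original article): before copying the next stage, the loader confirms that the requested load range fits inside the one window reserved for it and does not touch the loader itself. The header layout, field names and memory map are hypothetical values constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical next-stage header; not NVIDIA's actual image format. */
struct stage_hdr {
    uint32_t load_addr; /* where the image asks to be copied */
    uint32_t size;      /* payload length in bytes */
};

/* Constructed memory map for this example only. */
#define STAGE_REGION_BASE 0x80000000u /* only window a next stage may occupy */
#define STAGE_REGION_SIZE 0x00100000u
#define LOADER_BASE       0x40000000u /* the running loader's code and stack */
#define LOADER_SIZE       0x00040000u

/* True if [addr, addr+len) lies inside [base, base+span); written so that
 * no intermediate sum can wrap around 32 bits. */
static bool range_within(uint32_t addr, uint32_t len, uint32_t base, uint32_t span)
{
    if (len == 0 || len > span) return false;
    if (addr < base) return false;
    return (addr - base) <= (span - len);
}

/* True if the two ranges share any byte; ends are computed in 64 bits. */
static bool ranges_overlap(uint32_t a, uint32_t alen, uint32_t b, uint32_t blen)
{
    uint64_t a_end = (uint64_t)a + alen, b_end = (uint64_t)b + blen;
    return a < b_end && b < a_end;
}

/* Run this before any byte of the next stage is written to memory. */
bool stage_load_addr_ok(const struct stage_hdr *h)
{
    if (h == NULL) return false;
    if (!range_within(h->load_addr, h->size, STAGE_REGION_BASE, STAGE_REGION_SIZE))
        return false;
    /* Defence in depth: reject any target that touches the loader itself. */
    return !ranges_overlap(h->load_addr, h->size, LOADER_BASE, LOADER_SIZE);
}

int main(void)
{
    struct stage_hdr good = { 0x80001000u, 0x8000u };
    struct stage_hdr bad  = { 0x40000100u, 0x8000u }; /* aimed at the loader */
    return (stage_load_addr_ok(&good) && !stage_load_addr_ok(&bad)) ? 0 : 1;
}
```

The check only protects the boot chain if it runs on the header before the copy and before signature verification can be bypassed by an overwrite of the verifier's own memory.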


Balázs said he reported the vulnerability to Nvidia on March 9 with plans to publicly reveal it on June 15. That's more time than most researchers give companies to respond to security flaws (the industry standard is 90 days), but it still wasn't enough for Nvidia to address the issue. Balázs said Nvidia said it would fix the flaw in May, but then did not even assign a CVE identifier to it until July.

So, he said, "I decided to disclose this to the public in good faith to encourage them to fix it so we can have better and more secure devices." Nvidia responded by posting the security update on July 18, but Balázs was still not happy, updating his GitHub "readme" to say that Nvidia did not include a reference to Selfblow in the security bulletin and made a mistake in measuring the severity of the flaw on the CWE scale.

Nvidia "corrected the summary to describe the potential impacts more accurately" on July 19. It also thanked Balázs for discovering and revealing the vulnerability. More information about the security update can be found through Nvidia DevZone, where it can also be downloaded. There is no other patch for the Selfblow exploit; the only way to defend a device that uses the Tegra chipset is to install this update.

Source: Tom's Hardware
