CVE-2017-6292

Vulnerability

In Android versions before the 2018-06-05 security patch level, the NVIDIA TLZ TrustZone component contains an out-of-bounds write vulnerability due to an integer overflow [1]. This issue resides in the TrustZone subsystem and requires no specific configuration or precondition beyond the presence of the vulnerable code. The affected software is the Android platform incorporating NVIDIA's TLZ TrustZone, as used in devices like the NVIDIA Shield TV [1].

Exploitation

An attacker with local access to the device can trigger the integer overflow and subsequent out-of-bounds write without requiring any user interaction [1]. No additional execution privileges are needed to reach the vulnerable code path, though the attacker must have some means to execute code locally (e.g., via a malicious app or ADB shell) [1]. The exploitation steps involve invoking the affected TrustZone service with crafted input that causes the integer overflow.

Impact

Successful exploitation leads to local escalation of privilege within the TrustZone [1]. The attacker gains elevated privileges in the secure world, potentially allowing them to compromise the Trusted Execution Environment (TEE) and access protected data or take control of TrustZone-secured functions. The impact is rated as high severity [1].

Mitigation

The fix was included in the Android security patch level of 2018-06-05 [1]. Users should apply the June 2018 Android Security Patch or later. For NVIDIA Shield TV, the fix was delivered in the Shield Experience Upgrade 7.0.1 or later. No workaround is available; updating the device operating system is the recommended mitigation. This CVE is not listed on CISA's Known Exploited Vulnerabilities (KEV) as of the published date.