Intel NUCs, Nvidia Shield TV Both Hit With High-Severity Security Flaws
Intel NUC devices are vulnerable to high severity flaws, as is Nvidia’s Shield TV streaming media player.
Intel and Nvidia both issued security advisories this week. Intel’s warns that its Next Unit of Computing (NUC) devices are vulnerable to high severity flaws, while Nvidia’s said the same of its Shield TV streaming media player.
Intel NUC Security Vulnerabilities
The NUC is affected by two flaws: a pointer corruption bug (CVE-2019-14569) and a memory corruption one (CVE-2019-14570) in the NUC system firmware. The bugs may allow a privileged user to enable escalation of privilege, denial of service and/or information disclosure via local access.
Both firmware flaws are rated “High” with a score of 7.5 out of 10 within the Common Vulnerability Scoring System (CVSS).
Affected products include:
If you own one of these devices, you can download the relevant firmware from Intel’s website.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Researchers have reported multiple NUC system firmware vulnerabilities over the past few months. Of course, that’s on top of all the Spectre-class vulnerabilities Intel has had to fix over the past couple of years.
Nvidia Shield TV Security Vulnerabilities
Today, Nvidia also disclosed two flaws with its Shield TV that may lead to information disclosure, denial of service, code execution, or escalation of privileges.
One of the flaws (CVE‑2019‑5699) affects the Tegra bootloader via an incorrect bounds check, which can lead to buffer overflow and escalation of privilege and code execution. The second flaw (CVE‑2019‑5700) also affects the bootloader. The fields of the boot image aren’t validated, which may lead to code execution, denial of service, escalation of privileges and information disclosure.
Both flaws are rated 7.6 out of 10 within the CVSS. Nvidia said that all Shield Experience software versions prior to 8.0.1 are affected. You should check the updates section on your Shield devices and ensure you have Shield Experience 8.0.1 or newer to mitigate against these vulnerabilities.
Alarming amount of Texas Instrument chips found in Russian-based weapons in Ukraine — Russian military using third parties to purchase U.S-made chips
Aoostar AG02 eGPU dock with OCuLink support and 500W PSU announced for $219
China levels anti-trust charges against Nvidia – country accuses chipmaker of violating anti-monopoly regulations, examining the $7 billion Mellanox acquisition