Intel and Nvidia both issued security advisories this week. Intel’s warns that its Next Unit of Computing (NUC) devices are vulnerable to high severity flaws, while Nvidia’s said the same of its Shield TV streaming media player.
Intel NUC Security Vulnerabilities
The NUC is affected by two flaws: a pointer corruption bug (CVE-2019-14569) and a memory corruption one (CVE-2019-14570) in the NUC system firmware. The bugs may allow a privileged user to enable escalation of privilege, denial of service and/or information disclosure via local access.
Both firmware flaws are rated “High” with a score of 7.5 out of 10 within the Common Vulnerability Scoring System (CVSS).
Affected products include:
If you own one of these devices, you can download the relevant firmware from Intel’s website.
Researchers have reported multiple NUC system firmware vulnerabilities over the past few months. Of course, that’s on top of all the Spectre-class vulnerabilities Intel has had to fix over the past couple of years.
Nvidia Shield TV Security Vulnerabilities
Today, Nvidia also disclosed two flaws with its Shield TV that may lead to information disclosure, denial of service, code execution, or escalation of privileges.
One of the flaws (CVE‑2019‑5699) affects the Tegra bootloader via an incorrect bounds check, which can lead to buffer overflow and escalation of privilege and code execution. The second flaw (CVE‑2019‑5700) also affects the bootloader. The fields of the boot image aren’t validated, which may lead to code execution, denial of service, escalation of privileges and information disclosure.
Both flaws are rated 7.6 out of 10 within the CVSS. Nvidia said that all Shield Experience software versions prior to 8.0.1 are affected. You should check the updates section on your Shield devices and ensure you have Shield Experience 8.0.1 or newer to mitigate against these vulnerabilities.