Nvidia patches severe bugs in edge computing modules

Nvidia has released 13 patches targeting two low-end embedded computing boards. The processor company explained in a security advisory this week that the flaws could lead to code execution, denial of service, escalation of privileges, or information disclosure.

These security bugs won’t turn up in your gaming PC, but they could cause problems for your drone or smart internet facial recognition security camera. They affect the Nvidia Jetson TX1 and TX2 boards, each of which carries an Nvidia Tegra processor. Released in November 2015, the TX1 is a module the size of a pack of cigarettes designed to be integrated into IoT products. The TX2 is a higher-powered successor.

Described by Nvidia as a “supercomputer on a module”, these boards are designed for AI-powered applications like embedded deep learning and computer vision. These are the kinds of modules that put the ‘edge’ in edge computing. They’re supposed to be used in robots, 3D scanners and the like.

Vulnerability CVE‑2018‑6269 gets the highest base score (a CVSS score representing severity) in the security advisory. It is a flaw in the Tegra kernel driver’s input/output control handling for user mode requests. This is the only bug in the pack that could lead to potential code execution, according to the advisory.

This bug is also one of many that can lead to privilege escalation or denial of service. The next three highest-scoring bugs carry these risks.

CVE‑2017‑6278 is a bug in the kernel’s thermal driver that could allow an attacker to read or write after the end of a buffer. CVE‑2018‑6267 is a bug in the driver for OpenMax, which is a set of C-language programming interfaces for multimedia processing. It fails to validate metadata, which could allow an attacker to deny service or escalate their privileges by submitting malicious metadata. Another bug in that driver, CVE‑2018‑6271, improperly validates input, potentially affecting program control flow.

There are several information disclosure bugs. One of the most interesting to us is also the one with the lowest base score of the lot. It is a speculative execution and memory reading bug. Speculative execution tries to predict which instructions the system may need to run, and use some of their processor cores to prepare them while they wait for results from other cores.

The bug, CVE‑2018‑3639, may allow unauthorized disclosure of information to an attacker with the local user access via a side-channel analysis, the advisory said. Speculative execution bugs have plagued Nvidia rival Intel over the past 18 months, with the discovery of flaws like Spectre and, more recently, Spoiler.