CVE-2015-1538: Integer overflows during MP4 atom processing
CVE-2015-1539: An integer underflow in ESDS processing
CVE-2015-3824: Integer overflow in libstagefright when parsing the MPEG4 tx3g atom
CVE-2015-3826: Unbounded buffer read in libstagefright while parsing 3GPP metadata
CVE-2015-3827: Integer underflow in libstagefright when processing MPEG4 covr atoms
CVE-2015-3828: Integer underflow in libstagefright if size is below 6 while processing 3GPP metadata
CVE-2015-3829: Integer overflow in libstagefright processing MPEG4 covr atoms
CVE-2015-3864: Integer overflow in libstagefright when processing 'tx3g' MP4 atom
Vulnerability Description:
The Google Android operating system's multimedia engine, known as Stagefright (or libstagefright), is affected by several vulnerabilities that may enable a remote attacker to cause a denial of service or execute arbitrary code with elevated permissions.
Exploit Scope and Risk:
The Google-provided binary "libstagefright" typically runs in a process with elevated privileges. When exploited, this may allow an attacker to access privileged functions, such as the camera, microphone, and speakers.
The CVSS Risk assessment is listed below.
CVSS Base Score - 10
Exploitability sub-score - 10
Access Vector: Network
Access Complexity: Low
Authentication: None
Impact sub-score - 10.0
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete
CVSS temporal sub-score - 7.8
Exploitability: Proof of concept exists
Remediation Level: Official fix
Report Confidence: Confirmed
CVSS Environmental Score - [determined by user]
NVIDIA's risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. We recommend consulting a local security or IT professional to evaluate the risk of your specific configuration.
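The scores listed above follow from the CVSS version 2 equations (the version that uses the Access Vector, Access Complexity and Authentication metrics). The Python below is an added example, not part of NVIDIA's bulletin: it reproduces the listed base and temporal scores from the listed metric values and computes the environmental score the bulletin leaves to the user. The local inputs passed to `environmental` (collateral damage potential, target distribution, security requirements) are constructed assumptions.

```python
# CVSS v2 weights, taken from the CVSS v2 specification.
AV = {"L": 0.395, "A": 0.646, "N": 1.0}    # Access Vector
AC = {"H": 0.35, "M": 0.61, "L": 0.71}     # Access Complexity
AU = {"M": 0.45, "S": 0.56, "N": 0.704}    # Authentication
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}   # Confidentiality/Integrity/Availability impact
E = {"U": 0.85, "POC": 0.9, "F": 0.95, "H": 1.0, "ND": 1.0}     # Exploitability
RL = {"OF": 0.87, "TF": 0.90, "W": 0.95, "U": 1.0, "ND": 1.0}   # Remediation Level
RC = {"UC": 0.90, "UR": 0.95, "C": 1.0, "ND": 1.0}              # Report Confidence
CDP = {"N": 0.0, "L": 0.1, "LM": 0.3, "MH": 0.4, "H": 0.5, "ND": 0.0}
TD = {"N": 0.0, "L": 0.25, "M": 0.75, "H": 1.0, "ND": 1.0}
REQ = {"L": 0.5, "M": 1.0, "H": 1.51, "ND": 1.0}                # CR / IR / AR


def impact(c, i, a, cr="ND", ir="ND", ar="ND"):
    """Impact sub-score; the security requirements only matter for the environmental score."""
    return 10.41 * (1 - (1 - CIA[c] * REQ[cr]) * (1 - CIA[i] * REQ[ir]) * (1 - CIA[a] * REQ[ar]))


def exploitability(av, ac, au):
    return 20 * AV[av] * AC[ac] * AU[au]


def base(imp, expl):
    return round((0.6 * imp + 0.4 * expl - 1.5) * (0.0 if imp == 0 else 1.176), 1)


def temporal(base_score, e, rl, rc):
    return round(base_score * E[e] * RL[rl] * RC[rc], 1)


def environmental(cia, access, tmp, cdp="ND", td="ND", cr="ND", ir="ND", ar="ND"):
    """Environmental score: base recomputed with the adjusted impact, then CDP and TD applied."""
    adj_impact = min(10.0, impact(*cia, cr, ir, ar))
    adj_temporal = temporal(base(adj_impact, exploitability(*access)), *tmp)
    return round((adj_temporal + (10 - adj_temporal) * CDP[cdp]) * TD[td], 1)


# Metric values as listed in the bulletin.
CIA_IMPACT = ("C", "C", "C")   # Complete / Complete / Complete
ACCESS = ("N", "L", "N")       # Network / Low / None
TEMPORAL = ("POC", "OF", "C")  # Proof of concept exists / Official fix / Confirmed

if __name__ == "__main__":
    b = base(impact(*CIA_IMPACT), exploitability(*ACCESS))
    print("base", b, "temporal", temporal(b, *TEMPORAL))
    # Constructed local inputs: high collateral damage potential, all targets affected.
    print("environmental", environmental(CIA_IMPACT, ACCESS, TEMPORAL, cdp="H", td="H"))
```

With every environmental metric left undefined, the environmental score equals the temporal score; lowering the security requirements or the target distribution for a given deployment lowers it.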
Vulnerable Configurations:
This vulnerability affects NVIDIA products running the Android operating system, including TegraNote 7, SHIELD Portable, SHIELD Tablet, and SHIELD (2015).
Vulnerability Discovery:
Discovery is credited to Joshua J. Drake of Zimperium, who reported it to the Android team at Google, which subsequently informed its product partners, including NVIDIA.
Fix:
NVIDIA recommends that users run the latest software available. Refer to the table below for software versions containing fixes for this issue.
Product | Patched SHIELD Software Version
SHIELD Portable | OTA 6.1
SHIELD Tablet | OTA 3.1.1
SHIELD TV | OTA 2.1
Mitigations:
Exposure may be reduced by avoiding untrusted websites, applications, and storage media (such as SD cards, USB storage, or network storage), which may contain malicious media files targeting this vulnerability.
As always, observe safe computing practices by:
Keeping your devices updated with the latest patches at all times.
Only downloading or executing content and programs from trusted third parties.
Using a lock screen to protect your device from unauthorized use.
Being wary of rooting, custom recovery software, and other modifications that may compromise the device's security.