CVE-2017-6264

Name of the Vulnerable Software and Affected Versions NVIDIA GPU driver versions (affected versions not specified) Android (affected versions not specified)

Description The issue is related to insufficient access control in the NVIDIA GPU driver, specifically the gm20b clk throt set cdev state function. It allows a remote attacker to execute arbitrary code in the context of a privileged process. This is due to an out of bounds memory read being used as a function pointer, which could lead to code execution in the kernel. The issue is rated as high and could allow a local malicious application to execute arbitrary code within the context of a privileged process.

Recommendations For the NVIDIA GPU driver, consider restricting access to the gm20b clk throt set cdev state function until a patch is available. For Android, at the moment, there is no information about a newer version that contains a fix for this vulnerability.