Two popular products from tech giants Intel and Nvidia have been identified having high-severity flaws. The products impacted are the Nvidia Shield TV and Intel NUC mini-PC kit.
The Nvidia Shield TV, a media streaming box that runs on the Android OS is used mainly for gaming and media streaming. Intel’s NUC (Next Unit of Computing) mini-PC is used for gaming, digital signage and it offers processing, memory and storage capabilities.
Both companies released a security advisory stating four high-severity flaws. The flaws in the Nvidia Shield can enable code execution, denial of service, escalation of privileges, and information disclosure. The two vulnerabilities in the Intel NUC can lead to denial of service or information disclosure.
CVE-201-5699, one of the flaws in the Nvidia Shield TV can affect the Tegra bootloader via incorrect bound check and the second flaw (CVE-2019-5700) also affects the bootloader. Both the flaws rate 7.6 on 10 in the CVSS (Common Vulnerability Scoring System).
It is advised to update to version 8.0.1 as soon as possible and patch the device against the vulnerabilities.
The two high-severity flaws in the Intel NUC include a pointer corruption bug (CVE-2019-14569) and a memory corruption bug (CVE-2019-14570) that can allow a local attacker to launch an array of malicious attacks. Both the flaws are rated 7.5 out of 10 within the CVSS.
The impacted products include the NUC 8 mainstream game kit and mini-computer, the Intel NUC Board DE3815TYBE (H26998-500 & later), NUC Kit DE3815TYKHE (H27002-500 & later), NUC Board DE3815TYBE, NUC Kit DE3815TYKHE and NUC Kit DN2820FYKH. The relevant updates are available for download on Intel’s website.