CVE-2019-5700

HIGH

NVIDIA Shield Experience < 8.0.1 - Code Execution via Boot Image Validation Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-5700. PoCs published by oscardagrach.

AI-analyzed exploit summary This is a detailed writeup explaining CVE-2019-5700, a vulnerability in Nvidia Tegra bootloaders that allows arbitrary memory writes via the 'second' field in the Android boot image header. The exploit leverages lack of sanity checks on the 'second' image's size and address to achieve code execution or memory corruption.

Description

NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.

Exploits (1)

nomisec WRITEUP 11 stars
by oscardagrach · poc
https://github.com/oscardagrach/CVE-2019-5700

This is a detailed writeup explaining CVE-2019-5700, a vulnerability in Nvidia Tegra bootloaders that allows arbitrary memory writes via the 'second' field in the Android boot image header. The exploit leverages lack of sanity checks on the 'second' image's size and address to achieve code execution or memory corruption.

Classification
Writeup 100%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Nvidia Tegra t114-t210 SoCs bootloader
No auth needed
Prerequisites: Physical access or ability to modify the boot image · Custom boot image with crafted 'second' field
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://nvidia.custhelp.com/app/answers/detail/a_id/4875
Vendor Advisory x_refsource_confirm
https://nvidia.custhelp.com/app/answers/detail/a_id/4910

Scores

CVSS v3 7.8
EPSS 0.0005
EPSS Percentile 14.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
nvidia/shield_experience < 8.0.1
Published Oct 09, 2019
Tracked Since Feb 18, 2026