Vulnerability CVE-2018-3979


Published: 2019-04-01

Description:
A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload).

Type:

CWE-400

(Uncontrolled Resource Consumption ('Resource Exhaustion'))

Vendor: Canonical
Product: Ubuntu linux 
Version: 18.04;
Vendor: Nvidia
Product: Geforce gtx 845m firmware 
Product: Quadro k1200 firmware 
Product: Geforce gtx 860m firmware 
Product: Geforce gtx 750 firmware 
Product: Quadro k620 firmware 
Product: Geforce gtx 960m firmware 
Product: Geforce gtx 840m firmware 
Product: Quadro m1200m firmware 
Product: Grid m40 firmware 
Product: Geforce gtx 850m firmware 
Product: Geforce gtx 745 firmware 
Product: Quadro k2200 firmware 
Product: Geforce gtx 950m firmware 
Product: Geforce gtx 750 ti firmware 
Product: Quadro m1000m firmware 
Product: Grid m30 firmware 

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0647

Related CVE
CVE-2019-5677
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DeviceIoControl where the software reads from a buffer using buffer access mechanisms such as indexes o...
CVE-2019-5676
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), lead...
CVE-2019-5675
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables acr...
CVE-2019-5673
NVIDIA Jetson TX2 contains a vulnerability in the kernel driver (on all versions prior to R28.3) where the ARM System Memory Management Unit (SMMU) improperly checks for a fault condition, causing transactions to be discarded, which may lead to denia...
CVE-2019-5672
NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs...
CVE-2019-5671
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not release a resource after its effective lifetime has ended, which may lead to denial of service...
CVE-2019-5670
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes it to...
CVE-2019-5669
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes it to...

Copyright 2019, cxsecurity.com

 

Back to Top