7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
88.1%
NVIDIA Unix security team reports:
The GLX indirect rendering support supplied on NVIDIA products
is subject to the recently disclosed X.Org vulnerabilities
(CVE-2014-8093, CVE-2014-8098) as well as internally identified
vulnerabilities (CVE-2014-8298).
Depending on how it is configured, the X server typically runs
with raised privileges, and listens for GLX indirect rendering
protocol requests from a local socket and potentially a TCP/IP
port. The vulnerabilities could be exploited in a way that
causes the X server to access uninitialized memory or overwrite
arbitrary memory in the X server process. This can cause a
denial of service (e.g., an X server segmentation fault), or
could be exploited to achieve arbitrary code execution.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | nvidia-driver | < 340.65 | UNKNOWN |
FreeBSD | any | noarch | nvidia-driver-304 | < 304.125 | UNKNOWN |
FreeBSD | any | noarch | nvidia-driver-173 | <= 173.14.35_3 | UNKNOWN |
FreeBSD | any | noarch | nvidia-driver-96 | <= 96.43.23_2 | UNKNOWN |
FreeBSD | any | noarch | nvidia-driver-71 | <= 71.86.15_4 | UNKNOWN |