Lucene search
This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.NVIDIA_UNIX_2019_02.NASLHistoryMar 01, 2019 - 12:00 a.m.
NVIDIA Linux GPU Display Driver Information Disclosure Vulnerability (CVE-2018-6260)
2019-03-0100:00:00
This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%
The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by a local information disclosure vulnerability.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(122509);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/15");
script_cve_id("CVE-2018-6260");
script_xref(name:"IAVA", value:"2019-A-0063-S");
script_name(english:"NVIDIA Linux GPU Display Driver Information Disclosure Vulnerability (CVE-2018-6260)");
script_summary(english:"Checks the driver version.");
script_set_attribute(attribute:"synopsis", value:
"A display driver installed on the remote Linux host is affected by
an information disclosure vulnerability.");
script_set_attribute(attribute:"description", value:
"The NVIDIA GPU display driver software on the remote host is missing
a security update. It is, therefore, affected by a local information
disclosure vulnerability.");
script_set_attribute(attribute:"see_also", value:"https://nvidia.custhelp.com/app/answers/detail/a_id/4772");
script_set_attribute(attribute:"solution", value:
"Upgrade the NVIDIA graphics driver in accordance with the vendor
advisory.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-6260");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/13");
script_set_attribute(attribute:"patch_publication_date", value:"2019/02/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:nvidia:gpu_driver");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("nvidia_unix_driver_detect.nbin");
script_require_keys("NVIDIA_UNIX_Driver/Version");
exit(0);
}
include('vcf_extras_nvidia.inc');
var app_info = vcf::nvidia_gpu::get_app_info();
if (report_paranoia < 2)
audit(AUDIT_PARANOID);
var constraints = [
{'min_version':'418', 'fixed_version':'418.43', 'gpumodel':['geforce', 'nvs','quadro']},
{'min_version':'410', 'fixed_version':'410.104', 'gpumodel':['geforce', 'nvs','quadro']},
{'min_version':'390', 'fixed_version':'390.116', 'gpumodel':['geforce', 'nvs','quadro']},
{'min_version':'418', 'fixed_version':'418.39', 'gpumodel':'tesla'},
{'min_version':'410', 'fixed_version':'410.104', 'gpumodel':'tesla'},
{'min_version':'396', 'fixed_version':'396.82', 'gpumodel':'tesla'},
{'min_version':'390', 'fixed_version':'390.116', 'gpumodel':'tesla'},
{'min_version':'384', 'fixed_version':'384.183', 'gpumodel':'tesla'}
];
vcf::nvidia_gpu::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_NOTE
);| Vendor | Product | Version | CPE |
|---|---|---|---|
| nvidia | gpu_driver | cpe:/a:nvidia:gpu_driver |
Related
cve
cve
CVE-2018-6260
2018-11-13 18:00:00
cvelist
cvelist
CVE-2018-6260
2018-11-13 18:00:00
prion
prion
Design/Logic Flaw
2018-11-13 17:29:00
openvas
openvas
Ubuntu: Security Advisory (USN-3904-1)
2019-03-08 00:00:00
amazon
amazon
Low: nvidia
2019-03-21 19:07:00
ubuntucve
ubuntucve
CVE-2018-6260
2018-11-13 00:00:00
nvd
nvd
CVE-2018-6260
2018-11-13 17:29:00
nessus
nessus
Ubuntu 18.04 LTS : NVIDIA graphics drivers vulnerability (USN-3904-1)
2019-03-08 00:00:00
Amazon Linux AMI : nvidia (ALAS-2019-1182)
2019-03-26 00:00:00
NVIDIA Windows GPU Display Driver Multiple Vulnerabilities (February 2019)
2019-03-01 00:00:00
debiancve
debiancve
CVE-2018-6260
2018-11-13 18:00:00
nvidia
nvidia
ubuntu
ubuntu
NVIDIA graphics drivers vulnerability
2019-03-07 00:00:00
ibm
ibm
lenovo
lenovo
NVIDIA GPU Display Driver Update - Lenovo Support US
2019-04-17 19:16:53
NVIDIA GPU Display Driver Update - Lenovo Support NL
2019-04-17 19:16:53
hp
hp
HPSBHF03611 rev. 2 - NVIDIA GPU Display Driver Vulnerabilities
2019-03-21 00:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%
Related for NVIDIA_UNIX_2019_02.NASL