Ubuntu.comUB:CVE-2018-3979CVE-2018-3979
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
42.1%
A remote denial-of-service vulnerability exists in the way the Nouveau
Display Driver (the default Ubuntu Nvidia display driver) handles GPU
shader execution. A specially crafted pixel shader can cause remote
denial-of-service issues. An attacker can provide a specially crafted
website to trigger this vulnerability. This vulnerability can be triggered
remotely after the user visits a malformed website. No further user
interaction is required. Vulnerable versions include Ubuntu 18.04 LTS
(linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic:
4.15.0-29-generic SMP mod_unload).
Notes
| Author | Note |
|---|---|
| mdeslaur | as of 2019-05-06, no fix available |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
42.1%