PT-2014-8449 · Nvidia+2 · Linux For Tegra (L4T) Driver+3
Published
2014-12-10
·
Updated
2016-10-26
·
CVE-2014-8298
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
NVIDIA Linux Discrete GPU drivers versions prior to R304.125
NVIDIA Linux Discrete GPU drivers R331.x versions prior to R331.113
NVIDIA Linux Discrete GPU drivers R340.x versions prior to R340.65
NVIDIA Linux Discrete GPU drivers R343.x versions prior to R343.36
NVIDIA Linux Discrete GPU drivers R346.x versions prior to R346.22
Linux for Tegra (L4T) driver versions prior to R21.2
Chrome OS driver versions prior to R40
Description
The issue allows remote attackers to cause a denial of service, resulting in a segmentation fault and X server crash, or possibly execute arbitrary code. This is achieved through a crafted GLX indirect rendering protocol request.
Recommendations
For NVIDIA Linux Discrete GPU drivers versions prior to R304.125, update to version R304.125 or later.
For NVIDIA Linux Discrete GPU drivers R331.x versions prior to R331.113, update to version R331.113 or later.
For NVIDIA Linux Discrete GPU drivers R340.x versions prior to R340.65, update to version R340.65 or later.
For NVIDIA Linux Discrete GPU drivers R343.x versions prior to R343.36, update to version R343.36 or later.
For NVIDIA Linux Discrete GPU drivers R346.x versions prior to R346.22, update to version R346.22 or later.
For Linux for Tegra (L4T) driver versions prior to R21.2, update to version R21.2 or later.
For Chrome OS driver versions prior to R40, update to version R40 or later.
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Chromedriver
Linux For Tegra (L4T) Driver
Nvidia Linux Discrete Gpu Drivers
Ubuntu