First published: Mon Apr 01 2019(Updated: )
A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload).
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Canonical Ubuntu Linux | =18.04 | |
Nvidia Geforce Gtx 745 Firmware | ||
Nvidia Geforce Gtx 745 | ||
Nvidia Geforce Gtx 750 Firmware | ||
Nvidia Geforce Gtx 750 | ||
Nvidia Geforce Gtx 750 Ti Firmware | ||
Nvidia Geforce Gtx 750 Ti | ||
Nvidia Geforce Gtx 840m Firmware | ||
Nvidia Geforce Gtx 840m | ||
Nvidia Geforce Gtx 845m Firmware | ||
Nvidia Geforce Gtx 845m | ||
Nvidia Geforce Gtx 850m Firmware | ||
Nvidia Geforce Gtx 850m | ||
Nvidia Geforce Gtx 860m Firmware | ||
Nvidia Geforce Gtx 860m | ||
Nvidia Geforce Gtx 950m Firmware | ||
Nvidia Geforce Gtx 950m | ||
Nvidia Geforce Gtx 960m Firmware | ||
Nvidia Geforce Gtx 960m | ||
Nvidia Quadro K620 Firmware | ||
Nvidia Quadro K620 | ||
Nvidia Quadro K1200 Firmware | ||
Nvidia Quadro K1200 | ||
Nvidia Quadro K2200 Firmware | ||
Nvidia Quadro K2200 | ||
Nvidia Quadro M1000m Firmware | ||
Nvidia Quadro M1000m | ||
Nvidia Quadro M1200m Firmware | ||
Nvidia Quadro M1200m | ||
Nvidia Grid M30 Firmware | ||
Nvidia Grid M30 | ||
Nvidia Grid M40 Firmware | ||
Nvidia Grid M40 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-3979 is a remote denial-of-service vulnerability in the Nouveau Display Driver.
The affected software includes Ubuntu Linux 18.04 and Nvidia GeForce GTX 745 Firmware.
CVE-2018-3979 can cause remote denial-of-service issues by exploiting the way the Nouveau Display Driver handles GPU shader execution.
CVE-2018-3979 has a severity rating of 6.5 (high).
To mitigate CVE-2018-3979, users should apply the latest security patches provided by the vendor or update to a non-vulnerable version of the software.