CVE-2018-3979
First published: Mon Apr 01 2019(Updated: )
A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload).
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu Linux | =18.04 | |
| Nvidia GeForce GTX 745 | ||
| Nvidia GeForce GTX 745 | ||
| Nvidia GeForce GTX 750 | ||
| Nvidia GeForce GTX 750 | ||
| Nvidia GeForce GTX 750 Ti | ||
| Nvidia Geforce GTX 750 Ti Firmware | ||
| Nvidia GeForce GTX 840M Firmware | ||
| Nvidia GeForce GTX 840M | ||
| Nvidia GeForce GTX 845M Firmware | ||
| Nvidia GeForce GTX 845M | ||
| Nvidia GeForce GTX 850M | ||
| Nvidia GeForce GTX 850M | ||
| Nvidia GeForce GTX 860M Firmware | ||
| NVIDIA GeForce GTX 860M | ||
| Nvidia GeForce GTX 950M | ||
| Nvidia GeForce GTX 950M | ||
| Nvidia GeForce GTX 960M Firmware | ||
| Nvidia GeForce GTX 960M Firmware | ||
| Nvidia Quadro K620 | ||
| Nvidia Quadro K620 | ||
| Nvidia Quadro K1200 | ||
| Nvidia Quadro K1200 | ||
| Nvidia Quadro K2200 | ||
| Nvidia Quadro K2200 | ||
| Nvidia Quadro M1000M Firmware | ||
| Nvidia Quadro M1000M | ||
| NVIDIA Quadro Firmware | ||
| Nvidia Quadro M1200M | ||
| Nvidia Grid M30 | ||
| Nvidia Grid M30 | ||
| Nvidia GRID M40 Firmware | ||
| Nvidia GRID M40 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2018-3979?
CVE-2018-3979 is a remote denial-of-service vulnerability in the Nouveau Display Driver.
What software is affected by CVE-2018-3979?
The affected software includes Ubuntu Linux 18.04 and Nvidia GeForce GTX 745 Firmware.
How does CVE-2018-3979 impact systems?
CVE-2018-3979 can cause remote denial-of-service issues by exploiting the way the Nouveau Display Driver handles GPU shader execution.
What is the severity of CVE-2018-3979?
CVE-2018-3979 has a severity rating of 6.5 (high).
How can I fix CVE-2018-3979?
To mitigate CVE-2018-3979, users should apply the latest security patches provided by the vendor or update to a non-vulnerable version of the software.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/18.04
- vendor/nvidia
- canonical/nvidia geforce gtx 745
- canonical/nvidia geforce gtx 750
- canonical/nvidia geforce gtx 750 ti
- canonical/nvidia geforce gtx 750 ti firmware
- canonical/nvidia geforce gtx 840m firmware
- canonical/nvidia geforce gtx 840m
- canonical/nvidia geforce gtx 845m firmware
- canonical/nvidia geforce gtx 845m
- canonical/nvidia geforce gtx 850m
- canonical/nvidia geforce gtx 860m firmware
- canonical/nvidia geforce gtx 860m
- canonical/nvidia geforce gtx 950m
- canonical/nvidia geforce gtx 960m firmware
- canonical/nvidia quadro k620
- canonical/nvidia quadro k1200
- canonical/nvidia quadro k2200
- canonical/nvidia quadro m1000m firmware
- canonical/nvidia quadro m1000m
- canonical/nvidia quadro firmware
- canonical/nvidia quadro m1200m
- canonical/nvidia grid m30
- canonical/nvidia grid m40 firmware