Vulnerabilites related to nvidia - grid_m30_firmware
cve-2018-3979
Vulnerability from cvelistv5
Published
2019-04-01 20:10
Modified
2024-08-05 04:57
Summary
A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload).
Impacted products
Vendor Product Version
Nouveau Nouveau Version: Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64)
Version: Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload)
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T04:57:24.572Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0647",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Nouveau",
               vendor: "Nouveau",
               versions: [
                  {
                     status: "affected",
                     version: "Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64)",
                  },
                  {
                     status: "affected",
                     version: "Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload)",
                  },
               ],
            },
         ],
         datePublic: "2019-03-26T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload).",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "denial of service",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-04-19T18:07:24",
            orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            shortName: "talos",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0647",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "talos-cna@cisco.com",
               ID: "CVE-2018-3979",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Nouveau",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64)",
                                       },
                                       {
                                          version_value: "Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload)",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Nouveau",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: 7.4,
                  baseSeverity: "High",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "denial of service",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0647",
                     refsource: "CONFIRM",
                     url: "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0647",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
      assignerShortName: "talos",
      cveId: "CVE-2018-3979",
      datePublished: "2019-04-01T20:10:28",
      dateReserved: "2018-01-02T00:00:00",
      dateUpdated: "2024-08-05T04:57:24.572Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2019-04-01 21:30
Modified
2024-11-21 04:06
Summary
A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload).



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:nvidia:geforce_gtx_745_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B0B0969-F14F-42AD-9F69-1C4460C0CB83",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:nvidia:geforce_gtx_745:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E733A3A-347E-4147-89AE-9EEC9B4DB787",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:nvidia:geforce_gtx_750_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "607AAFC6-E6EC-40A0-B4B0-CCBE11B4EB6C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:nvidia:geforce_gtx_750:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDC42D37-5DDE-4545-A4B9-7701749C0982",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:nvidia:geforce_gtx_750_ti_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2EE2000-3576-4717-B64C-0C68F4021385",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:nvidia:geforce_gtx_750_ti:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F2F1B32-CFEE-4417-843D-880302E4D6FF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:nvidia:geforce_gtx_840m_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5270F3F-8395-4477-95A0-6CB616B29774",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:nvidia:geforce_gtx_840m:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7496DD40-8A3C-4098-A377-F566FD2865BD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:nvidia:geforce_gtx_845m_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80471038-63CD-4CAF-9D6B-AD9FBDFDC9FD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:nvidia:geforce_gtx_845m:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3AFBA8C-3D83-4C8E-AB22-A81EB20C012D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:nvidia:geforce_gtx_850m_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1F05EFC5-92F0-4F0F-B757-C4ECDD1F734C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:nvidia:geforce_gtx_850m:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EFFC1A6-DD6B-4EA7-AB3C-3E7809C9DDD5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:nvidia:geforce_gtx_860m_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E8828EFE-D892-42CC-A541-B51C64289501",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:nvidia:geforce_gtx_860m:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F6946F0-392C-4126-B6AA-B096526C700F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:nvidia:geforce_gtx_950m_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "82F295A3-3467-4765-AE4E-8C2EE79BEBB6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C29EDF54-BEA4-49B4-96E9-CDE62F38E3DF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:nvidia:geforce_gtx_960m_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3C8135B-FAA2-464D-B82F-F83F1BDB68EB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EAB33B6-E270-4C11-8E57-2BE127C86134",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:nvidia:quadro_k620_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5FD140A-A0AB-4D2C-970D-6E203C15ED4D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:nvidia:quadro_k620:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E03A4C2-72EF-44FC-9F97-626C8E8A17EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:nvidia:quadro_k1200_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8894ED9A-9F9C-46BA-8131-90296C9162B8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B84A5C10-5B3E-48F1-8F66-4B9EE9C78D24",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:nvidia:quadro_k2200_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "39977D40-14D6-4260-ACA8-2129614C397D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:nvidia:quadro_k2200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BC6A4C2-101A-4C8B-AD0F-3423CAB372A1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:nvidia:quadro_m1000m_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7350569F-FA36-4BBC-BA10-4689B01FEE69",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3896B47E-8787-45D2-96B3-BF4892780F35",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:nvidia:quadro_m1200m_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7B98AAC-0C1A-43E2-83DD-549D36159849",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:nvidia:quadro_m1200m:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "42C16B00-58D1-4D09-8547-D83E1351D9AE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:nvidia:grid_m30_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "33F00F2D-CF5F-4B36-AC9E-09B8EF350FC6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:nvidia:grid_m30:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7F50616-3A42-4379-81ED-ED40639AC8AF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:nvidia:grid_m40_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3113B911-40B0-4BAE-A8B5-A02383BCF754",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:nvidia:grid_m40:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEF4E50-B311-4AB0-9A34-E34D854BDF0F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload).",
      },
      {
         lang: "es",
         value: "Existe una vulnerabilidad de denegación de servicio (DoS) remota en la manera en la que el controlador Nouveau Display (el controlador de visualización de Ubuntu Nvidia por defecto) gestiona la ejecución del shader de la GPU. Un shader de píxeles especialmente manipulado puede provocar fallos de denegación de servicio (DoS) remota. Un atacante puede proporcionar una imagen especialmente manipulada para desencadenar esta vulnerabilidad. Esta vulnerabilidad puede desencadenarse de manera remota después de que el usuario visita un sitio web mal formado. No se requiere otra interacción del usuario. Las versiones vulnerables incluyen la 18.04 LTS de Ubuntu (linux 4.15.0-29-generic x86_64) y la NV117 del controlador Nouveau Display (vermagic: 4.15.0-29-generic SMP mod_unload).",
      },
   ],
   id: "CVE-2018-3979",
   lastModified: "2024-11-21T04:06:25.557",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 4,
            source: "talos-cna@cisco.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-04-01T21:30:43.110",
   references: [
      {
         source: "talos-cna@cisco.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0647",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0647",
      },
   ],
   sourceIdentifier: "talos-cna@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}