1. Home
  2. CVE Database
  3. CVE-2018-3979
MEDIUM · 6.5

CVE-2018-3979

A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can caus...

Vulnerability Description

A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload).

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
CanonicalUbuntu Linux18.04
NvidiaGeforce Gtx 745 Firmware-
NvidiaGeforce Gtx 745-
NvidiaGeforce Gtx 750 Firmware-
NvidiaGeforce Gtx 750-
NvidiaGeforce Gtx 750 Ti Firmware-
NvidiaGeforce Gtx 750 Ti-
NvidiaGeforce Gtx 840M Firmware-
NvidiaGeforce Gtx 840M-
NvidiaGeforce Gtx 845M Firmware-
NvidiaGeforce Gtx 845M-
NvidiaGeforce Gtx 850M Firmware-
NvidiaGeforce Gtx 850M-
NvidiaGeforce Gtx 860M Firmware-
NvidiaGeforce Gtx 860M-
NvidiaGeforce Gtx 950M Firmware-
NvidiaGeforce Gtx 950M-
NvidiaGeforce Gtx 960M Firmware-
NvidiaGeforce Gtx 960M-
NvidiaQuadro K620 Firmware-

Related Weaknesses (CWE)

CWE-400

References

FAQ

What is CVE-2018-3979?

CVE-2018-3979 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can caus...

How severe is CVE-2018-3979?

CVE-2018-3979 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-3979?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Nvidia Geforce Gtx 745 Firmware, Nvidia Geforce Gtx 745, Nvidia Geforce Gtx 750 Firmware, Nvidia Geforce Gtx 750.