CVE-2014-8298 : The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R

The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra (L4T) driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service (segmentation fault and X server crash) or possibly execute arbitrary code via a crafted GLX indirect rendering protocol request.

Published 2014-12-10 15:59:17

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute codeDenial of service

Products affected by CVE-2014-8298

Nvidia » Gpu Driver » For Chrome Os
Versions up to, including, (<=) r39
cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:chrome_os:*:*
Matching versions
Nvidia » Gpu Driver » For Linux Kernel For Tegra
Versions up to, including, (<=) r21.2
cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:linux_kernel:tegra:*
Matching versions
Nvidia » Gpu Driver » Version: R340.65 For Linux Kernel
cpe:2.3:a:nvidia:gpu_driver:r340.65:*:*:*:*:linux_kernel:*:*
Matching versions
Nvidia » Gpu Driver » Version: R343.00 For Linux Kernel
cpe:2.3:a:nvidia:gpu_driver:r343.00:*:*:*:*:linux_kernel:*:*
Matching versions
Nvidia » Gpu Driver » Version: R343.36 For Linux Kernel
cpe:2.3:a:nvidia:gpu_driver:r343.36:*:*:*:*:linux_kernel:*:*
Matching versions
Nvidia » Gpu Driver » Version: R346.00 For Linux Kernel
cpe:2.3:a:nvidia:gpu_driver:r346.00:*:*:*:*:linux_kernel:*:*
Matching versions
Nvidia » Gpu Driver » Version: R304.125 For Linux Kernel
cpe:2.3:a:nvidia:gpu_driver:r304.125:*:*:*:*:linux_kernel:*:*
Matching versions
Nvidia » Gpu Driver » Version: R331.00 For Linux Kernel
cpe:2.3:a:nvidia:gpu_driver:r331.00:*:*:*:*:linux_kernel:*:*
Matching versions
Nvidia » Gpu Driver » Version: R346.22 For Linux Kernel
cpe:2.3:a:nvidia:gpu_driver:r346.22:*:*:*:*:linux_kernel:*:*
Matching versions
Nvidia » Gpu Driver » Version: R331.112 For Linux Kernel
cpe:2.3:a:nvidia:gpu_driver:r331.112:*:*:*:*:linux_kernel:*:*
Matching versions
Nvidia » Gpu Driver » Version: R340.00 For Linux Kernel
cpe:2.3:a:nvidia:gpu_driver:r340.00:*:*:*:*:linux_kernel:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-8298

EPSS FAQ

1.50%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 79 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-8298

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-8298

CWE-19

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-8298

http://nvidia.custhelp.com/app/answers/detail/a_id/3610

Security Bulletin: CVE-2014-8298: GLX-Indirect (Including CVE-2014-8093, CVE-2014-8098) | NVIDIA
Vendor Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Oracle Bulletin Board Update - January 2015

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2014-8298

Products affected by CVE-2014-8298

Exploit prediction scoring system (EPSS) score for CVE-2014-8298

CVSS scores for CVE-2014-8298

CWE ids for CVE-2014-8298

References for CVE-2014-8298