CVE-2018-3979
moderate-risk
Published 2019-04-01
A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload).
Do I need to act?
-
0.53% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10
Medium
NETWORK
/ LOW complexity
Affected Products (17)
Geforce Gtx 745 Firmware
Geforce Gtx 750 Firmware
Geforce Gtx 750 Ti Firmware
Geforce Gtx 840M Firmware
Geforce Gtx 845M Firmware
Geforce Gtx 850M Firmware
Geforce Gtx 860M Firmware
Geforce Gtx 950M Firmware
Geforce Gtx 960M Firmware
Quadro K620 Firmware
Quadro K1200 Firmware
Quadro K2200 Firmware
Quadro M1000M Firmware
Quadro M1200M Firmware
Grid M30 Firmware
Grid M40 Firmware
45
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
2/34 · Minimal
Exposure
19/34 · Moderate