CVE-2018-3979 — Uncontrolled Resource Consumption in Nouveau

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 32.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nouveau Canonical Ubuntu Linux Debian Xserver-xorg-video-nouveau

Timeline

PublishedApr 1

Latest updateMay 13

Description

A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5nouveau/nouveauNouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload), Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64)+1

▶debiandebian/xserver-xorg-video-nouveau

Also affects: Ubuntu Linux 18.04

🔴Vulnerability Details

GHSA

GHSA-m48r-fqqr-r9gc: A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader ex↗2022-05-13

▶

OSV

CVE-2018-3979: A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader ex↗2019-04-01

▶

📋Vendor Advisories

Debian

CVE-2018-3979: xserver-xorg-video-nouveau - A remote denial-of-service vulnerability exists in the way the Nouveau Display D...↗2018

▶