Vulnerability Description:

The GLX indirect rendering support supplied on NVIDIA products is subject to the recently disclosed X.Org vulnerabilities (CVE-2014-8093, CVE-2014-8098) as well as internally identified vulnerabilities (CVE-2014-8298).

Exploit Scope and Risk:

Depending on how it is configured, the X server typically runs with raised privileges, and listens for GLX indirect rendering protocol requests from a local socket and potentially a TCP/IP port. The vulnerabilities could be exploited in a way that causes the X server to access uninitialized memory or overwrite arbitrary memory in the X server process. This can cause a denial of service (e.g., an X server segmentation fault), or could be exploited to achieve arbitrary code execution.

The CVSS Risk assessment is listed below.

CVSS Base Score - 8.3

Exploitability sub-score - 6.5

Access Vector: Adjacent Network

Access Complexity: Low

Authentication: None

Impact sub-score - 10.0

Confidentiality Impact: Complete

Integrity Impact: Complete

Availability Impact: Complete

CVSS temporal sub-score - 3.5

Exploitability: Unproven that Exploit Exists

Remediation Level: Workaround

Report Confidence: Confirmed

CVSS Environmental Score - [determined by user]

NVIDIA's risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. We recommend consulting a local security or IT professional to evaluate the risk of your specific configuration. NVIDIA is not aware of any exploits of these issues at this time.

Vulnerable Configurations:

The NVIDIA implementation of GLX indirect rendering is only used in the NVIDIA GPU drivers for Solaris, FreeBSD, VMware ESX, and other Linux-based operating systems where an X server is in use. NVIDIA GPU drivers for other operating systems are not affected.

Vulnerability Discovery:

NVIDIA was informed of this issue through a public advisement by X.Org participants Adam Jackson and Alan Coopersmith on Oct 9, 2014. Internal analysis was carried out, and additional issues were refined, by Robert Morell of NVIDIA.

Fix:

NVIDIA recommends that users upgrade their drivers. Refer to the table below for recommended driver updates and locations.

Driver | Scheduled Support Date

Linux Discrete GPU Drivers | Driver Download
Releases prior to 304 | Has reached 'end of life' and is no longer supported.
R304.125 and better | R304.125 available as of 12/9
R331.113 and better | R331.113 available as of 12/9
R340.65 and better | R340.65 available as of 12/9
R343.36 and better | R343.36 available as of 12/9
R346.22 and better | R346.22 Beta available as of 12/9

Linux for Tegra (L4T) Products | Linux for Tegra Download
R19.x | No fix planned - update to R21.2
R21.1 | No fix planned - update to R21.2
R21.2 | Release planned for 12/9/2014

Chrome OS
R40 or better | Contact Google support for release information

CUDA Toolkit SDK | CUDA Toolkit SDK Download

To patch the CUDA Toolkit SDK 6.0 and 6.5 installation, install the updated drivers with the security patch from Release 331 and Release 340.

For CUDA 5.5, Release 319 is no longer supported; however, all toolkits are compatible with later drivers. Customers should install the patch from Release 331 or 340.

CUDA 5.5 | R331.113 or R340.65, available as of 12/9
CUDA 6.0 | R331.113 available as of 12/9
CUDA 6.5 | R340.65 available as of 12/9
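
As an added example (not NVIDIA's code), the following Python script checks reported Linux discrete GPU driver versions against the fixed releases listed above, comparing each version only within its own branch. The host names and sample inventory are constructed, and the status labels are this example's own naming.

```python
import re

# Minimum fixed release per driver branch, from the advisory's Fix section.
FIXED_MINOR = {304: 125, 331: 113, 340: 65, 343: 36, 346: 22}
OLDEST_SUPPORTED_BRANCH = 304  # "Releases prior to 304" are end of life

_VERSION_RE = re.compile(r"\bR?(\d{3})\.(\d{2,3})(?:\.\d+)?\b")

def parse_version(text):
    """Return (branch, minor) from text such as '340.58' or 'R331.113', else None."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return int(match.group(1)), int(match.group(2))

def classify(text):
    """Compare a reported driver version against the fixed release of its own branch."""
    parsed = parse_version(text)
    if parsed is None:
        return "unparseable"
    branch, minor = parsed
    if branch < OLDEST_SUPPORTED_BRANCH:
        return "end-of-life"        # listed as no longer supported
    if branch not in FIXED_MINOR:
        return "unlisted-branch"    # advisory names no fixed release for this branch
    # Compare within the branch only: 340.58 is numerically above 331.113
    # but still predates the 340-branch fix (340.65).
    return "fixed" if minor >= FIXED_MINOR[branch] else "vulnerable"

def audit(inventory):
    """Map each host to its status; inventory maps host -> reported version text."""
    return {host: classify(text) for host, text in inventory.items()}

# Constructed sample inventory (hypothetical hosts; the first value is modelled
# on the one-line format of /proc/driver/nvidia/version on Linux).
SAMPLE = {
    "ws-01": "NVRM version: NVIDIA UNIX x86_64 Kernel Module  340.58  Fri Oct 31 2014",
    "ws-02": "331.113",
    "ws-03": "R304.88",
    "ws-04": "295.75",
    "ws-05": "319.82",
    "ws-06": "driver not loaded",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unlisted-branch" or "end-of-life" have no fixed release in the list above and need a move to one of the listed branches rather than an in-branch update.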

Mitigations:

You may consider either of the following steps to help further mitigate against GLX protocol vulnerabilities: