Information Exposure Affecting nvidia-graphics-drivers-legacy-340xx package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN10-NVIDIAGRAPHICSDRIVERSLEGACY340XX-385292
- published 2 Dec 2018
- disclosed 13 Nov 2018
Introduced: 13 Nov 2018
CVE-2018-6260 Open this link in a new tabHow to fix?
There is no fixed version for Debian:10 nvidia-graphics-drivers-legacy-340xx.
NVD Description
Note: Versions mentioned in the description apply only to the upstream nvidia-graphics-drivers-legacy-340xx package and not the nvidia-graphics-drivers-legacy-340xx package as distributed by Debian.
See How to fix? for Debian:10 relevant fixed versions and status.
NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector.
References
- https://security-tracker.debian.org/tracker/CVE-2018-6260
- https://nvidia.custhelp.com/app/answers/detail/a_id/4738
- https://nvidia.custhelp.com/app/answers/detail/a_id/4772
- http://support.lenovo.com/us/en/solutions/LEN-26250
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6260
- https://usn.ubuntu.com/3904-1/