Information Exposure Affecting nvidia-graphics-drivers-legacy-390xx package, versions <390.116-1
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN10-NVIDIAGRAPHICSDRIVERSLEGACY390XX-260098
- published 2 Dec 2018
- disclosed 13 Nov 2018
Introduced: 13 Nov 2018
CVE-2018-6260 Open this link in a new tabHow to fix?
Upgrade Debian:10 nvidia-graphics-drivers-legacy-390xx to version 390.116-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream nvidia-graphics-drivers-legacy-390xx package and not the nvidia-graphics-drivers-legacy-390xx package as distributed by Debian.
See How to fix? for Debian:10 relevant fixed versions and status.
NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector.
References
- https://security-tracker.debian.org/tracker/CVE-2018-6260
- https://nvidia.custhelp.com/app/answers/detail/a_id/4738
- https://nvidia.custhelp.com/app/answers/detail/a_id/4772
- http://support.lenovo.com/us/en/solutions/LEN-26250
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6260
- https://usn.ubuntu.com/3904-1/