Security Bulletin: CVE-2014-8298: GLX-Indirect (Including CVE-2014-8093, CVE-2014-8098)

CVE-2014-8298: GLX-Indirect (Including CVE-2014-8093, CVE-2014-8098)

Go to NVIDIA Product Security.

Vulnerability Description:

The GLX indirect rendering support supplied on NVIDIA products is subject to the recently disclosed X.Org vulnerabilities (CVE-2014-8093, CVE-2014-8098) as well as internally identified vulnerabilities (CVE-2014-8298).

Exploit Scope and Risk:

Depending on how it is configured, the X server typically runs with raised privileges, and listens for GLX indirect rendering protocol requests from a local socket and potentially a TCP/IP port. The vulnerabilities could be exploited in a way that causes the X server to access uninitialized memory or overwrite arbitrary memory in the X server process. This can cause a denial of service (e.g., an X server segmentation fault), or could be exploited to achieve arbitrary code execution.

The CVSS Risk assessment is listed below.

CVSS Base Score - 8.3

Exploitability sub-score - 6.5

Access Vector: Adjacent Network

Access Complexity: Low

Authentication: None

Impact sub-score - 10.0

Confidentiality Impact: Complete

Integrity Impact: Complete

Availability Impact: Complete

CVSS temporal sub-score - 3.5

Exploitability: Unproven that Exploit Exists

Remediation Level: Workaround

Report Confidence: Confirmed

CVSS Environmental Score - [determined by user]

NVIDIA's risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. We recommended consulting a local security or IT professional to evaluate the risk of your specific configuration. NVIDIA knows of no known exploits to these issues at this time.

Vulnerable Configurations:

The NVIDIA implementation of GLX indirect rendering is only used in the NVIDIA GPU drivers for Solaris, FreeBSD, VMware ESX, and other Linux based operating systems where an X server is in use. NVIDIA GPU drivers for other operating systems are not affected.

Vulnerability Discovery:

NVIDIA was informed of this issue by public advisement from X.Org participants on Oct 9, 2014, by Adam Jackson and Alan Coopersmith. Internal analysis and additional issues refined by Robert Morell of NVIDIA.

Fix:

NVIDIA recommends that users upgrade their drivers. Refer to the table below for recommended driver updates and locations.

Mitigations:

You may consider either of the following steps to help further mitigate against GLX protocol vulnerabilities:

• Configure the X server to prohibit X connections from the local area network (by passing the "-nolisten tcp" command line option to the X.Org X server). Many Linux distributions already set this option by default. Consult your operating system's documentation for details on setting X server command line options
• Disable GLX indirect contexts. With any of the fixed NVIDIA driver versions mentioned above, indirect GLX contexts can be prohibited by setting the "AllowIndirectGLXProtocol" X configuration option to False, or setting the "-iglx" X server command line option on X.Org 1.16 or newer.